InspIRCd v4 is still early in development!

If you use this branch you may experience crashes, weird behaviour, and unannounced breaking changes.

You probably want to use InspIRCd v3 instead.

Configuration

If you are configuring your server from scratch you might find the example configuration files helpful.

These are located in:

  • /usr/share/doc/inspircd if using our UNIX binary packages.
  • C:\Program Files\InspIRCd\conf\examples if using our Windows binary package.
  • [ROOT]/run/conf/examples if you have built in your home directory.

This page only lists core configuration. For details on the configuration of a specific module please refer to the appropriate page for that module.

<admin>

The <admin> tag defines contact details for the server administrator. This tag can only be defined once.

Name Type Default Value Description
name Text <server:network> Admins The nickname, real name, or team name of the server administrator(s).
description Text None A description of the server administrator(s).
email Text noreply@<server:name> The email address at which the server administrator(s) can be contacted in case of issues.

Example Usage

<admin name="Adam Inistrator"
       description="Supreme Overlord"
       email="noreply@example.com">

<badhost>

The <badhost> tag defines a permanent K-line. This tag can be defined as many times as required.

Name Type Default Value Description
host Text None Required! A user@host to K-line.
reason Text None Required! The reason for the K-line being added.

Example Usage

<badhost host="*@example.com"
         reason="Spamming">

<badip>

The <badip> tag defines a permanent Z-line. This tag can be defined as many times as required.

Name Type Default Value Description
ipmask Text None Required! An IP address to Z-line.
reason Text None Required! The reason for the Z-line being added.

Example Usage

<badip ipmask="192.0.2.0/24"
       reason="Spamming">

<badnick>

The <badnick> tag defines a permanent Q-line. This tag can be defined as many times as required.

Name Type Default Value Description
nick Text None Required! A nickname to Q-line.
reason Text None Required! The reason for the Q-line being added.

Example Usage

<badnick nick="NickServ"
         reason="Reserved for a network service">

<bind>

The <bind> tag defines an endpoint to listen for connections on. This tag can be defined as many times as required.

Name Type Default Value Description
address Text None TCP/IP listeners only! If defined then the IP address to bind to instead of listening on all available interfaces.
port Number None Required for TCP/IP listeners! The TCP port to listen for connections on.
defer Duration 0 TCP/IP listeners only! The number of seconds to defer a connection for whilst waiting for it to send data (not supported on Windows).
hook Text None If defined then the name of a module that provides middleware for this listener.
free Boolean No TCP/IP listeners only! Whether to allow binding on TCP/IP endpoints which may not be usable yet (not supported on Windows).
path Text None Required for UNIX listeners! The UNIX socket endpoint to listen for connections on (not supported on Windows).
permissions Number None UNIX listeners only! The permissions to use for the UNIX socket (only supported on Linux).
replace Boolean No UNIX listeners only! Whether to replace the UNIX socket file if it already exists (not supported on Windows).
type Text clients The type of connection to be allowed on this endpoint.

Additionally, the following fields are provided by modules:

Name Type Default Value Module Description
sslprofile Text None ssl_gnutls This MUST be set to the name of a GnuTLS TLS (SSL) profile to listen for secure connections with GnuTLS.
ssl_mbedtls This MUST be set to the name of a mbedTLS TLS (SSL) profile to listen for secure connections with mbedTLS.
ssl_openssl This MUST be set to the name of an OpenSSL TLS (SSL) profile to listen for secure connections with OpenSSL.

If defined the hook field should be set to one of the following values:

Value Module Description
haproxy haproxy Listens for connections that use the HAProxy Proxy protocol.
websocket websocket Listens for connections that use WebSocket framing.

The type field should be set to one of the following values:

Value Module Description
clients None Listens for IRC client connections.
httpd httpd Listens for HTTP connections.
servers spanningtree Listens for IRC server connections.

Example Usage

Listens for IRC client connections on 192.0.2.1:6667:

<bind address="192.0.2.1"
      port="6667"
      type="clients"
      defer="0s"
      free="no">

Listens for IRC server connections on *:7000:

<bind port="7000"
      type="servers"
      defer="5s"
      free="no">

Listens for IRC client connections on /run/inspircd/inspircd.sock

<bind path="/run/inspircd/inspircd.sock"
      type="clients"
      permissions="750"
      replace="yes">

<cidr>

The <cidr> tag defines the number of bits of an IP address that should be looked at when locating clones. This tag can only be defined once.

Name Type Default Value Description
ipv4clone Number 32 The number of bits (0-32) of an IPv4 address that should be looked at when locating clones.
ipv6clone Number 128 The number of bits (0-128) of an IPv6 address that should be looked at when locating clones.

Example Usage

<cidr ipv4clone="32"
      ipv6clone="128">

<class>

The <class> tag defines a set of server operator privileges. This tag can be defined as many times as required.

Name Type Default Value Description
name Text None A name that uniquely identifies this server operator class.
commands Text None A space-delimited list of server operator-only commands that server operators with this class can execute.
privs Text None A space-delimited list of server operator privileges that server operators with this class have.
chanmodes Text None The server operator-only channel modes that server operators with this class can change.
usermodes Text None The server operator-only user modes that server operators with this class can change.
snomasks Text None The server operator-only snomasks that server operators with this class can change.

The core supplies the following server operator privileges for use in <class:privs>.

Name Description
channels/auspex Allows server operators to see more details about channels than normal users.
servers/auspex Allows server operators to see more details about server information than normal users.
users/auspex Allows server operators to see more details about users than normal users.
users/channel-spy Allows server operators to view the private/secret channels that a user is on.
users/flood/increased-buffers Allows server operators to send and receive data without worrying about being disconnected for exceeding limits.
users/flood/no-fakelag Prevents server operators from being penalized with fake lag for flooding.
users/flood/no-throttle Allows server operators to send commands without being throttled.
users/mass-message Allows server operators to send a PRIVMSG or NOTICE to a server mask.

The users/flood/* privileges are potentially dangerous as they grant a server operator the ability to hammer your server's CPU/RAM as much as they want.

Example Usage

<class name="OperChat"
       commands="WALLOPS GLOBOPS"
       privs="users/mass-message"
       chanmodes="*"
       usermodes="*"
       snomasks="gG">
<class name="OperView"
       privs="channels/auspex users/auspex users/channel-spy servers/auspex">

<connect>

The <connect> tag defines a class that users can be filtered into when they connect to the server. This tag can be defined as many times as required.

Name Type Default Value Description
name Text None If defined then the name of this connect class.
allow Text None A glob pattern or CIDR range for an IP address which is allowed to connect to the server. If this is defined then deny (below) MUST NOT be defined.
deny Text None A glob pattern or CIDR range for an IP address which is banned from connecting to the server. If this is defined then allow (above) MUST NOT be defined.
commandrate Number None The number of millicommands (1000 equals 1 command) per second that a user can execute.
connected Boolean None If defined then whether this connect class matches a user that is partially connected or a client that is fully connected.
fakelag Boolean Yes Whether users should have their input/output delayed when they reach a soft limit rather than being killed.
globalmax Number None The maximum number of users who can exist on the entire network from the range specified in the allow field.
hardsendq Number 1048576 The maximum amount of data allowed in a user's send queue before it is killed.
limit Number None The maximum number of users who can be in this connect class.
localmax Number None The maximum number of users who can exist on the local server from the range specified in the allow field.
maxchans Number None If defined then the maximum number of channels that a user in this class can be in.
maxconnwarn Boolean No Whether to send a server notice when a connect class limit is reached.
parent Text None If defined then the name of the class to inherit most core settings from.
password Text None The password that the user must send to be put into this connect class.
pingfreq Duration 2m The number of seconds this client can be idle for before sending it a PING message.
port Number None The port on which a client must be connecting to be put into this connect class.
reason Text Unauthorised connection If <connect:deny> is set then the reason to give when disconnecting a user.
resolvehostnames Boolean Yes Whether to do DNS lookups for the hostnames of users in this class.
recvq Number 4096 The maximum amount of data allowed in a user's receive queue before it is killed.
softsendq Number 4096 The maximum number of bytes of data that can be in a user's send queue before the server stops processing their input to allow the send queue to drain.
threshold Number 10 The maximum amount of penalty that a user can have before being fakelagged or killed if fakelag is turned off.
timeout Duration 1m30s The number of seconds after which a partially connected user is timed out.
uniqueusername Boolean No Whether users in this class are connecting from a shared host and can be uniquely identified by their username (ident).

Additionally, the following fields are provided by modules:

Name Type Default Value Module Description
autojoin Text None conn_join A comma-delimited list of channels for users in this connect class to be joined to on connect.
autojoindelay Duration 15m conn_join The duration to wait before joining users to the specified channels.
country Text None geoclass A space-delimited list of ISO 3166-1 alpha-2 country codes that users must be connecting from to be assigned to this class.
dnsbl Text None dnsbl Match users to this connect class by DNSBL name when using the mark action.
modes Text None conn_umodes The user modes to set on connecting users.
requireaccount Text No account Whether users must be logged into a services account to use this class.
requireident Boolean No ident Whether users must have responded to a username (ident) lookup to be assigned to this class.
requiressl Text no sslinfo Whether users must be using TLS (SSL) to use this class.
useconnectban Boolean yes connectban Whether to ban users in this class for making excessive connections to the server.
useconnflood Boolean yes connflood Whether to throttle users in this class when excessive connections are being made to the server.
usednsbl Boolean Yes dnsbl Whether users in this connect class should be looked up in a DNSBL.
useident Boolean Yes ident Whether users in this connect class should have their usernames (idents) looked up.
usests Boolean Yes ircv3_sts Whether users in this connect class should have a STS policy advertised to them.
webirc Text None gateway If defined then a glob pattern to match the name of a WebIRC gateway against.

The hash field is currently optional but will be required in the next major version of InspIRCd when using password authentication.

The following hashing modules are included with InspIRCd:

Algorithm Module(s) Description
argon2d argon2 Hashes using the Argon2d algorithm.
argon2i argon2 Hashes using the Argon2i algorithm.
argon2id argon2 Hashes using the Argon2id algorithm.
bcrypt bcrypt Hashes using the bcrypt algorithm.
hmac-md5 password_hash, md5 Hashes using the MD5 and HMAC algorithms.
hmac-sha1 password_hash, sha1 Hashes using the SHA-1 and HMAC algorithms.
hmac-sha224 password_hash, sha2 Hashes using the SHA-224 and HMAC algorithms.
hmac-sha256 password_hash, sha2 Hashes using the SHA-256 and HMAC algorithms.
hmac-sha384 password_hash, sha2 Hashes using the SHA-384 and HMAC algorithms.
hmac-sha512 password_hash, sha2 Hashes using the SHA-512 and HMAC algorithms.
md5 md5 Hashes using the MD5 algorithm.
pbkdf2-hmac-md5 pbkdf2, md5 Hashes using the MD5 and PBKDF2 algorithms.
pbkdf2-hmac-sha1 pbkdf2, sha1 Hashes using the SHA-1 and PBKDF2 algorithms.
pbkdf2-hmac-sha224 pbkdf2, sha2 Hashes using the SHA-224 and PBKDF2 algorithms.
pbkdf2-hmac-sha256 pbkdf2, sha2 Hashes using the SHA-256 and PBKDF2 algorithms.
pbkdf2-hmac-sha384 pbkdf2, sha2 Hashes using the SHA-384 and PBKDF2 algorithms.
pbkdf2-hmac-sha512 pbkdf2, sha2 Hashes using the SHA-512 and PBKDF2 algorithms.
sha1 sha1 Hashes using the SHA-1 algorithm.
sha224 sha2 Hashes using the SHA-224 algorithm.
sha256 sha2 Hashes using the SHA-256 algorithm.
sha384 sha2 Hashes using the SHA-384 algorithm.
sha512 sha2 Hashes using the SHA-512 algorithm.

Example Usage

Denies connections to clients connecting from 3ffe::0/32:

<connect name="6bone"
         deny="3ffe::0/32"
         reason="The 6bone address space is deprecated">

Defines a TLS (SSL) only connect class and then a general connect class to inherit from:

<connect name="Secure"
         parent="Main"
         port="6697">

<connect name="Main"
         allow="*"
         commandrate="1000"
         fakelag="on"
         globalmax="3"
         hardsendq="1M"
         limit="5000"
         localmax="3"
         maxchans="30"
         maxconnwarn="no"
         pingfreq="120"
         recvq="8K"
         resolvehostnames="yes"
         softsendq="8192"
         threshold="10"
         timeout="10"
         uniqueusername="no">

Special Notes

If you are also using the gateway module you should disable DNS lookups for your WebIRC gateway.

<define>

The <define> tag allows you to to define XML-style entities which you can use in your config to avoid duplication. This tag can be defined as many times as required.

Name Type Default Value Description
name Text None Required! The name of the entity.
value Text None The value to replace instances of the entity with.

The following entities are already defined:

Name Description
&amp; An ampersand.
&apos; A single quote. This can be used unescaped but is supported for compatibility with XML generators.
&dir.config; The configuration directory that was configured at build time.
&dir.data; The data directory that was configured at build time.
&dir.log; The log directory that was configured at build time.
&dir.module; The module directory that was configured at build time.
&dir.runtime; The runtime directory that was configured at build time.
&env.NAME; The value of the NAME environment variable when InspIRCd was first started.
&gt; A greater than symbol. This can be used unescaped but is supported for compatibility with XML generators.
&irc.bold; Makes subsequent text within an IRC message bold.
&irc.color; Makes subsequent text within an IRC message colored. Should be followed by color codes in the format FG[,BG]. See ircdocs for more information.
&irc.colour; Makes subsequent text within an IRC message colored. Should be followed by color codes in the format FG[,BG]. See ircdocs for more information.
&irc.hexcolor; Makes subsequent text within an IRC message colored. Should be followed by hexadecimal color codes in the format FRFGFB[,BRBGBB] (not widely supported).
&irc.hexcolour; Makes subsequent text within an IRC message colored. Should be followed by hexadecimal color codes in the format FRFGFB[,BRBGBB] (not widely supported).
&irc.italic; Makes subsequent text within an IRC message italic.
&irc.monospace; Makes subsequent text within an IRC message monospace (not widely supported).
&irc.reset; Disables all text formatting for subsequent text.
&irc.reverse; Makes subsequent text within an IRC message reversed.
&irc.strikethrough; Makes subsequent text within an IRC message struckthrough (not widely supported).
&irc.underline; Makes subsequent text within an IRC message underlined
&lt; A less than symbol. This can be used unescaped but is supported for compatibility with XML generators.
&nl; A new line.
&quot; A double quote.

Example Usage

Creates the &ServerHost; entity with a value of "example.com":

<define name="ServerHost"
        value="example.com">

<dns>

The <dns> tag defines the DNS server to use when looking up hostnames. This tag can only be defined once.

Name Type Default Value Description
enabled Boolean Yes Whether DNS lookups are enabled.
server Text None If defined then the DNS server to look up hostnames with. If not set then the first system resolver will be used.
timeout Number 5 The number of seconds before timing out DNS lookups.
sourceip Text None If defined then the IP address to connect from when doing DNS lookups.
sourceport Number None If defined then the UDP port to connect from when doing DNS lookups.

Example Usage

<dns enabled="yes"
     server="127.0.0.53"
     timeout="5"
     sourceip=""
     sourceport="0">

<exception>

The <exception> tag defines a permanent E-line. This tag can be defined as many times as required.

Name Type Default Value Description
host Text None Required! A user@host to E-line.
reason Text None Required! The reason for the E-line being added.

Example Usage

<exception host="*@localhost"
           reason="Local connections">

<execfiles>

The <execfiles> tag runs a shell command and reads its output. This tag can only be defined once. The purpose of the output depends on what field commands are defined in.

Note that commands are only run on rehash, so changes are not automatically detected.

Name Type Default Value Description
motd Text None A file used as the message of the day, ie. shown to users when they connect or use the /MOTD command.

Additionally, the following fields are provided by modules:

Name Type Default Value Module Description
opermotd Text None opermotd The file to read or command to execute to obtain the opermotd text.
quotes Text None randquote The file to read or command to execute to obtain the quotes text.

The working directory is InspIRCd's configuration directory.

Example Usage

Downloads https://www.example.com/motd.txt and uses it as the message of the day:

<execfiles motd="wget -O - https://www.example.com/motd.txt">

<files>

The <files> tag reads one or more files. This tag can only be defined once. The purpose of these files depends on what field they are defined in.

Note that files are only read on rehash, so changes are not automatically detected.

Name Type Default Value Description
motd Text None A file used as the message of the day, i.e. shown to users when they connect or use the /MOTD command.

Additionally, the following fields are provided by modules:

Name Type Default Value Module Description
opermotd Text None opermotd The file to read or command to execute to obtain the opermotd text.
quotes Text None randquote The file to read or command to execute to obtain the quotes text.

All paths are relative to InspIRCd's configuration directory. This is:

File paths are NOT relative to the current config file.

Example Usage

Use the file examples/motd.txt.example as the message of the day:

<files motd="examples/motd.txt.example">

<include>

The <include> tag allows you include the contents of a file or the output of a command into your config file. This tag can be defined as many times as required.

Name Type Default Value Description
directory Text None If defined then the directory to look for .conf files in.
executable Text None If defined then the command to execute.
file Text None If defined then the file to read.
mandatorytag Text None If defined then a tag that must exist in a config file for it to be valid.
missingokay Boolean Yes Whether to ignore config files that don't exist.
noenv Boolean Yes (executable)
No (directory, file)
Whether to allow environment variables to be used from within the included config.
noexec Boolean Yes (executable)
No (directory, file)
Whether to allow executable includes from within the included config.
noinclude Boolean No Whether to allow file includes from within the included config.

Example Usage

Includes links.conf into the config:

<include file="links.conf"
         noenv="no"
         noexec="no"
         noinclude="no"
         mandatorytag="link"
         missingokay="no">

Includes all of the config files in 'modules' into the config:

<include directory="modules"
         noenv="no"
         noexec="no"
         noinclude="no"
         mandatorytag="link">

Executes curl to download https://example.com/links.conf and include it into the config:

<include executable="curl --silent https://example.com/links.conf"
         noenv="yes"
         noexec="yes"
         noinclude="no"
         mandatorytag="link">

<insane>

The <insane> tag defines limits to protect against overly wide X-lines being created. This tag can only be defined once.

Name Type Default Value Description
hostmasks Boolean No Whether to bypass the limit for E-lines, G-lines, and K-lines.
ipmasks Boolean No Whether to bypass the limit for Z-lines.
nickmasks Boolean No Whether to bypass the limit for Q-lines.
trigger Decimal 95.5 The percentage of connected users who must match the X-line for it to be rejected as overly wide.

Example Usage

<insane hostmasks="no"
        ipmasks="no"
        nickmasks="no"
        trigger="95.5">

<limits>

The <limits> tag defines the maximum length of user-configurable fields. This tag can only be defined once.

Name Type Default Value Description
maxaway Number 200 The maximum length of an away message.
maxchan Number 60 The maximum length of a channel name.
maxhost Number 64 The maximum length of a hostname.
maxident Number 10 The maximum length of a username (ident).
maxkey Number 30 The maximum length of a channel key.
maxkick Number 300 The maximum length of a kick message.
maxmodes Number 20 The maximum number of non-flag modes that can be changed in a single MODE message.
maxnick Number 30 The maximum length of a nickname.
maxquit Number 300 The maximum length of a quit message.
maxreal Number 130 The maximum length of a real name (gecos).
maxtopic Number 330 The maximum length of a channel topic.

Example Usage

<limits maxaway="200"
        maxchan="60"
        maxhost="64"
        maxident="11"
        maxkey="30"
        maxkick="300"
        maxmodes="20"
        maxnick="32"
        maxquit="300"
        maxreal="130"
        maxtopic="330">

<log>

The <log> tag defines a location to log to. This tag can be defined as many times as required.

Name Type Default Value Description
method Text file The method to use for storing logs.
type Text * Required! A space-delimited token list of types of message to log.
level Text normal The level of messages to log.
target Text None If using the file method the location to write the log to.
flush Number 20 If using the file method after how many lines to flush the log to disk.

Additionally, the following fields are provided by modules:

Name Type Default Value Module Description
dbid Text None log_sql Required! The name of the database connection to execute the query against.
method Text None log_syslog Required! This MUST be set to stderr to use JSON logging.
log_json Required! This MUST be set to json, json-stderr, or json-stdout to use JSON logging.
log_sql Required! This MUST be set to sql to use SQL logging.
query Text INSERT INTO ircd_log (time, type, message) VALUES (FROM_UNIXTIME($time), '$type', '$message'); log_sql The query to use to insert a log message into the database.
target Text None log_json Required! If using the json method the location to write the log to.

The method field should be set to one of the following values:

Value Module Description
file None Log to a file.
json log_json Log to a file in JSON.
json-stderr log_json Log to the standard error stream in JSON.
json-stdout log_json Log to the standard output stream in JSON.
sql log_sql Log to a SQL database.
stderr None Log to the standard error stream.
stdout None Log to the standard output stream.
syslog log_syslog Log to the system log.

The type field should be set to one or more of the following values:

Value Logging Levels Used Description
BANCACHE debug Messages relating to the X-line result cache.
CHANNELS debug Messages relating to channels.
COMMAND debug Messages relating to command execution.
CONFIG warning
normal
debug
Messages relating to the configuration.
CONNECTCLASS normal
debug
Messages relating to connect classes.
CULLLIST debug Messages relating to object cull lists.
LOG error
normal
Messages relating to logging.
MODE warning Messages relating to modes.
MODULE error
normal
debug
Messages relating to modules.
SERVICE debug Messages relating to service registration.
SOCKET warning
normal
debug
Messages relating to network sockets.
STARTUP error
warning
normal
Messages relating to the startup process.
USERINPUT rawio Messages relating to user input.
USEROUTPUT rawio Messages relating to user output.
USERS warning
debug
Messages relating to users.
core_channel debug Messages relating to channels.
core_dns error
warning
normal
debug
Messages relating to DNS lookups.
core_hostname_lookup debug Messages relating to user hostname lookups.
core_info warning Messages relating to server-provided information.
core_oper error
normal
Messages relating to server operators.
core_reloadmodule debug Messages relating to the RELOADMODULE command.
core_who debug Messages relating to the WHO command.
core_whowas normal Messages relating to the WHOWAS command.
m_argon2 warning Messages relating to the argon2 module.
m_callerid debug Messages relating to the callerid module.
m_cap debug Messages relating to the cap module.
m_chanlog normal Messages relating to the chanlog module.
m_cloaking normal Messages relating to the cloaking module.
m_codepage debug Messages relating to the codepage module.
m_connectban debug Messages relating to the connectban module.
m_customprefix debug Messages relating to the customprefix module.
m_customtitle normal Messages relating to the customtitle module.
m_dccallow debug Messages relating to the dccallow module.
m_disable normal
debug
Messages relating to the disable module.
m_dnsbl debug Messages relating to the dnsbl module.
m_filter warning
normal
debug
Messages relating to the filter module.
m_gateway normal
debug
Messages relating to the gateway module.
m_geo_maxmind debug Messages relating to the geo_maxmind module.
m_hidemode debug Messages relating to the hidemode module.
m_httpd debug Messages relating to the httpd module.
m_httpd_acl debug Messages relating to the httpd_acl module.
m_httpd_config debug Messages relating to the httpd_config module.
m_httpd_stats debug Messages relating to the httpd_stats module.
m_ident debug Messages relating to the ident module.
m_ircv3_sts debug Messages relating to the ircv3_sts module.
m_ldapauth debug Messages relating to the ldapauth module.
m_mysql error
debug
Messages relating to the mysql module.
m_operlog normal Messages relating to the operlog module.
m_opermotd normal Messages relating to the opermotd module.
m_password_hash normal Messages relating to the password_hash module.
m_permchannels error
warning
debug
Messages relating to the permchannels module.
m_pgsql error
debug
Messages relating to the pgsql module.
m_sasl normal
debug
Messages relating to the sasl module.
m_showfile warning Messages relating to the showfile module.
m_silence debug Messages relating to the silence module.
m_spanningtree warning
normal
debug
rawio
Messages relating to the spanningtree module.
m_sqlite3 error
debug
Messages relating to the sqlite3 module.
m_sqloper warning
debug
Messages relating to the sqloper module.
m_ssl_gnutls warning
normal
debug
Messages relating to the ssl_gnutls module.
m_ssl_mbedtls warning
normal
debug
Messages relating to the ssl_mbedtls module.
m_ssl_openssl warning
normal
debug
Messages relating to the ssl_openssl module.
m_sslinfo debug Messages relating to the sslinfo module.
m_sslrehashsignal normal Messages relating to the sslrehashsignal module.
m_topiclock debug Messages relating to the topiclock module.
m_vhost warning Messages relating to the vhost module.
m_xline_db error
debug
Messages relating to the xline_db module.

The level field should be set to one of the following values:

Value Description
rawio Log raw I/O traffic.
debug Log information that is useful for debugging.
normal Log general information.
warning Log issues that should be investigated.
error Log critical errors that must be resolved.

Example Usage

<log method="file"
     type="* -USERINPUT -USEROUTPUT"
     level="normal"
     target="ircd.log"
     flush="20">

<maxlist>

The <maxlist> tag defines the number of list modes which can be created in a channel. This tag can be defined as many times as required.

Name Type Default Value Description
chan Text None Required! A glob pattern for channels that this limit applies to.
mode Number None The character or name for the mode this limit applies to. If not defined then it applies to all modes.
limit Number None Required! The number of bans which can be created in these channels.

Example Usage

<maxlist chan="#largechan"
         mode="b"
         limit="500">

<maxlist chan="*"
         limit="100">

<module>

The <module> tag defines a module to load. This tag can be defined as many times as required.

Name Type Default Value Description
name Text None Required! The name of a module to load.

Example Usage

<module name="ssl_gnutls">

<oper>

The <oper> tag defines a server operator account. This tag can be defined as many times as required.

Name Type Default Value Description
class Text None If defined then a connect class to assign users who log into this server operator account to.
hash Text None If defined then the hash algorithm that the password field is hashed with.
host Text None Required! A space-delimited list of glob patterns for the username@hostname mask that users must be connecting from to log into this server operator account.
name Text None Required! The username for this server operator account.
password Text None Required! The password for this server operator account.
type Text None Required! The type of server operator this account is.
vhost Text None If defined then a virtual hostname to set on users who log into this server operator account.
autologin Text never Whether to automatically log server operators in when they connect to the server.
commands Text None A space-delimited list of server operator-only commands that this server operator can execute.
privs Text None A space-delimited list of server operator privileges that this server operator has. This is in addition to the privileges from the operator type and operator classes.
chanmodes Text None The server operator-only channel modes that this server operator can change. This is in addition to the channel modes from the operator type and operator classes.
usermodes Text None The server operator-only user modes that this server operator can change. This is in addition the user modes from the operator type and operator classes.
snomasks Text None The server operator-only snomasks that this server operator can change. This is in addition the snomasks from the operator type and operator classes.

Additionally, the following fields are provided by modules:

Name Type Default Value Module Description
account Text None account If defined then a space-delimited list of user account names or account identifiers to check against this server operator's account.
autojoin Text None operjoin A comma-delimited list of channels for server operators to be joined to when logging into their server operator account.
automotd Boolean Yes opermotd Whether to send the server operator message of the day to server operators when they log into their server operator account.
fingerprint Text None sslinfo If defined then a space-delimited list of TLS (SSL) client certificate fingerprints to check against this server operator's TLS (SSL) client certificate.
level Number 0 operlevels The rank to give to the server operators.
modes Text None opermodes The user modes to set on server operators when they log into their server operator account.
motd Text opermotd opermotd The file path or name of the field in <files> / <execfiles> to use when reading the server operator message of the day.
sslonly Boolean No sslinfo Whether this server operator must be connected using TLS (SSL) to log into their account.
swhois Text None swhois If defined then defines a custom line to add to the server operator's WHOIS response.

The autologin field should be set to one of the following values:

Value Description
never Do not automatically log users in to this server operator account.
relaxed Automatically log users into this server operator account if their details (account/host/sslonly/etc) match.
strict Automatically log users into this server operator account if their details (account/host/sslonly/etc) match and their nick is the same as the account name.

The following hashing modules are included with InspIRCd:

Algorithm Module(s) Description
argon2d argon2 Hashes using the Argon2d algorithm.
argon2i argon2 Hashes using the Argon2i algorithm.
argon2id argon2 Hashes using the Argon2id algorithm.
bcrypt bcrypt Hashes using the bcrypt algorithm.
hmac-md5 password_hash, md5 Hashes using the MD5 and HMAC algorithms.
hmac-sha1 password_hash, sha1 Hashes using the SHA-1 and HMAC algorithms.
hmac-sha224 password_hash, sha2 Hashes using the SHA-224 and HMAC algorithms.
hmac-sha256 password_hash, sha2 Hashes using the SHA-256 and HMAC algorithms.
hmac-sha384 password_hash, sha2 Hashes using the SHA-384 and HMAC algorithms.
hmac-sha512 password_hash, sha2 Hashes using the SHA-512 and HMAC algorithms.
md5 md5 Hashes using the MD5 algorithm.
pbkdf2-hmac-md5 pbkdf2, md5 Hashes using the MD5 and PBKDF2 algorithms.
pbkdf2-hmac-sha1 pbkdf2, sha1 Hashes using the SHA-1 and PBKDF2 algorithms.
pbkdf2-hmac-sha224 pbkdf2, sha2 Hashes using the SHA-224 and PBKDF2 algorithms.
pbkdf2-hmac-sha256 pbkdf2, sha2 Hashes using the SHA-256 and PBKDF2 algorithms.
pbkdf2-hmac-sha384 pbkdf2, sha2 Hashes using the SHA-384 and PBKDF2 algorithms.
pbkdf2-hmac-sha512 pbkdf2, sha2 Hashes using the SHA-512 and PBKDF2 algorithms.
sha1 sha1 Hashes using the SHA-1 algorithm.
sha224 sha2 Hashes using the SHA-224 algorithm.
sha256 sha2 Hashes using the SHA-256 algorithm.
sha384 sha2 Hashes using the SHA-384 algorithm.
sha512 sha2 Hashes using the SHA-512 algorithm.

Example Usage

<oper name="Sadie"
      password="7H8Tqm+i$jaG48RHAcoLXSB3Guzaf1bQehaNRNbblMoNrHPdguvU"
      hash="hmac-sha256"
      class="ServerOperators"
      host="*@bnc.example.com"
      type="NetAdmin"
      vhost="staff.example.net"
      autologin="never"
      commands="-* KILL ZLINE"
      privs="users/auspex -servers/auspex"
      chanmodes="-*+P"
      usermodes="H-h"
      snomasks="Aa-Xx">

<options>

The <options> tag defines general configuration options. This tag can only be defined once.

Name Type Default Value Description
cyclehostsfromuser Boolean No Whether to send modes from the user rather than the server when sending a fake rejoin.
defaultbind Text auto The IP version to bind using if an IP address is not specified.
defaultmodes Text not The default modes to apply to newly created channels.
exemptchanops Text None The privileges to exempt ranked channel users from. See the notes for the exemptchanops module for more information.
extbanformat Text any The method to use for normalising extbans.
fixedpart Text None If defined then a static value to replace users' part messages with.
fixedquit Text None If defined then a static value to replace users' quit messages with.
hostintopic Boolean No Whether to show the full user mask of a topic setter rather than just their nickname.
invitebypassmodes Boolean Yes Whether being invited to a channel allows the invitee to bypass channel modes which would otherwise prevent them from joining.
modesinlist Boolean Yes Whether to include the current channel modes in the /LIST output.
nosnoticestack Boolean No Whether to stop identical server notices from being stacked with "last message repeated X times".
prefixpart Text None If defined then the value to prefix users' part messages with.
prefixquit Text None If defined then the value to prefix users' quit messages with.
splitwhois Text no Whether to split private/secret channels from normal channels in WHOIS responses.
suffixpart Text None If defined then the value to suffix users' part messages with.
suffixquit Text None If defined then the value to suffix users' quit messages with.
syntaxhints Boolean No Whether to send syntax hints to users who send commands with not enough parameters.
xlinemessage Text You're banned! The message to send to users who have been banned from the server.

Additionally, the following fields are provided by modules:

Name Type Default Value Module Description
allowmismatch Boolean No spanningtree Whether optionally common modules can be loaded on one server but not the other.
announcets Boolean No spanningtree Whether to announce changes in channel creation time.
pingwarning Duration 15s spanningtree The number of seconds to wait before warning server operators that a server has not responded to a ping.
serverpingfreq Duration 1m spanningtree The number of seconds to wait between pinging servers.

The defaultbind field should be set to one of the following values:

Value Description
auto Bind to :: if IPv6 support is available. Otherwise, bind to 0.0.0.0.
ipv4 Bind to 0.0.0.0 by default.
ipv6 Bind to :: by default.

The extbanformat field should be set to one of the following values:

Value Description
any Do not perform any extban normalisation.
name Normalise extbans to use their name.
letter Normalise extbans to use their letter.

The splitwhois field should be set to one of the following values:

Value Description
no Don't split private/secret channels from normal channels in WHOIS responses.
split Split private/secret channels from normal channels in WHOIS responses.
splitmsg Split private/secret channels from normal channels in WHOIS responses with an explanation.

Example Usage

<options cyclehostsfromuser="no"
         defaultbind="auto"
         defaultmodes="nost"
         exemptchanops=""
         extbanformat="name"
         fixedpart=""
         fixedquit=""
         hostintopic="yes"
         invitebypassmodes="yes"
         nosnoticestack="no"
         modesinlist="no"
         prefixpart="&quot;"
         prefixquit="Quit: "
         splitwhois="no"
         suffixpart="&quot;"
         suffixquit=""
         syntaxhints="yes"
         xlinemessage="You're banned. Email abuse@example.com to appeal this decision.">

<path>

The <path> tag defines the location of the config, data, log, and module directories. This tag can only be defined once.

Name Type Default Value Description
configdir Text conf The location of the config directory.
datadir Text data The location of the data directory.
logdir Text logs The location of the logs directory.
moduledir Text modules The location of the modules directory.
runtimedir Text data The location of the runtime directory.

Example Usage

<path configdir="conf"
      datadir="data"
      logdir="logs"
      moduledir="modules"
      runtimedir="data">

<performance>

The <performance> tag defines configuration options relating to server performance. This tag can only be defined once.

Name Type Default Value Description
clonesonconnect Boolean Yes Whether to check for clones when a user connects to the server.
netbuffersize Number 10240 The size of the buffer used to receive data from users.
softlimit Number Varies The maximum number of connections to allow to the IRC server.
somaxconn Number Varies The maximum number of connections that may be waiting in the connection accept queue.
timeskipwarn Duration 2s The amount of time the server clock can skip by before server operators are warned about lag.

Additionally, the following fields are provided by modules:

Name Type Default Value Module Description
quietbursts Boolean No spanningtree Whether to inform server operators of users who connect during a network merge.

Example Usage

<performance clonesonconnect="yes"
             netbuffersize="10240"
             softlimit="15000"
             somaxconn="128"
             timeskipwarn="2s">

<pid>

The <pid> tag defines the location of the pidfile. This tag can only be defined once.

Name Type Default Value Description
file Text inspircd.pid The location of the pidfile.

Example Usage

<pid file="inspircd.pid">

<security>

The <security> tag defines configuration options relating to server security. This tag can only be defined once.

Name Type Default Value Description
announceinvites Text dynamic Whether to send an announcement when a user is invited to a channel.
customversion Text None A custom string to show in the /VERSION output.
genericoper Boolean No Whether to show "is a server operator" in /WHOIS instead of the server operator's type.
hidebans Boolean No Whether to only show X-line messages to server operators.
hidekills Text None If defined then the text to show in a kill message instead of the name of the server operator who caused the kill.
hideserver Text None If defined then the text to show in place of a server name.
hidesplits Boolean No Whether to hide server names in netsplit quits from non-server operators.
hideservicekills Boolean No Whether to hide server notices about kills by users on services servers.
maxtargets Number 20 The maximum number of targets a user may specify in a command.
restrictbannedusers Text Yes Whether to restrict the behaviour of users who are banned in a channel.
runasgroup Text None If defined then the group to switch to after starting up (requires starting as root).
runasuser Text None If defined then the user to switch to after starting up (requires starting as root).
userstats Text Pu (since 3.11.0)
None (3.0.0 to 3.10.0)
The /STATS characters that a non-server operator can view.

Additionally, the following fields are provided by modules:

Name Type Default Value Module Description
flatlinks Boolean No spanningtree Whether to flatten the output of /LINKS to avoid leaking network architecture.
hideservices Boolean No spanningtree Whether to hide services servers from the output of /LINKS and /MAP.
hidesplits Boolean No spanningtree Whether to show *.net *.split instead of the server names when a netsplit happens
maphide Text None maphide Required! The URL to provide to users who run the /MAP and /LINKS commands.

The announceinvites field should be set to one of the following values:

Value Description
none Don't send any invite announcements.
ops Send invite announcements to channel operators and higher ranked users.
dynamic Send invites to channel half-operators (if available) and higher ranked users.
all Send invites to all channel members.

The restrictbannedusers field should be set to one of the following values:

Value Description
yes Banned users should be restricted.
no Banned users should not be restricted.
silent Banned users should be restricted but should not be informed.

Example Usage

<security announceinvites="dynamic"
          customversion=""
          genericoper="no"
          hidebans="yes"
          hidekills=""
          hideserver=""
          hidesplits="no"
          hideservicekills="yes"
          maxtargets="20"
          restrictbannedusers="yes"
          runasgroup=""
          runasuser=""
          userstats="Pu">

<server>

The <server> tag defines settings about the local server. This tag can only be defined once.

Name Type Default Value Description
name Text None Required! The hostname of the local server.
description Text Configure Me A description of the local server.
network Text Network The name of the IRC network the local server is attached to.
id Text None If defined then a unique server identifier in the format [0-9][0-9A-Z][0-9A-Z].

Example Usage

<server name="irc.eu.example.com"
        description="ExampleNet's European server"
        network="ExampleNet"
        id="34C">

<type>

The <type> tag defines a type of server operator. This tag can be defined as many times as required.

Name Type Default Value Description
class Text None If defined then a connect class to assign users who log into this server operator account to.
classes Text None If defined then a space-delimited list of <class> tags to inherit privileges from.
name Text None Required! The name for this server operator type.
vhost Text None If defined then a virtual hostname to set on users who log into a server operator account using this type.
autologin Text never Whether to automatically log server operators using this type in when they connect to the server.
commands Text None A space-delimited list of server operator-only commands that server operators of this type can execute.
privs Text None A space-delimited list of server operator privileges that server operators of this type has. This is in addition to the privileges from the operator classes.
chanmodes Text None The server operator-only channel modes that server operators of this type can change. This is in addition to the channel modes from the operator classes.
usermodes Text None The server operator-only user modes that server operators of this type can change. This is in addition the user modes from the operator classes.
snomasks Text None The server operator-only snomasks that server operators of this type can change. This is in addition the snomasks from the operator classes.

Additionally, the following fields are provided by modules:

Name Type Default Value Module Description
account Text None account If defined then a space-delimited list of user account names or account identifiers to check against this server operator's account.
autojoin Text None operjoin A comma-delimited list of channels for server operators to be joined to when logging into their server operator account.
automotd Boolean Yes opermotd Whether to send the server operator message of the day to server operators when they log into their server operator account.
fingerprint Text None sslinfo If defined then a space-delimited list of TLS (SSL) client certificate fingerprints to check against this server operator's TLS (SSL) client certificate.
level Number 0 operlevels The rank to give to the server operators.
modes Text None opermodes The user modes to set on server operators when they log into their server operator account.
motd Text opermotd opermotd The file path or name of the field in <files> / <execfiles> to use when reading the server operator message of the day.
sslonly Boolean No sslinfo Whether this server operator must be connected using TLS (SSL) to log into their account.
swhois Text None swhois If defined then defines a custom line to add to the server operator's WHOIS response.

The autologin field should be set to one of the following values:

Value Description
never Do not automatically log users in to a server operator account.
relaxed Automatically log users into a server operator account if their details (account/host/sslonly/etc) match.
strict Automatically log users into a server operator account if their details (account/host/sslonly/etc) match and their nick is the same as the account name.

Example Usage

<type name="NetAdmin"
      class="ServerOperators"
      classes="BanControl HostCloak OperChat SACommands ServerLink Shutdown"
      vhost="staff.example.net"
      autologin="never"
      commands="-* KILL ZLINE"
      privs="users/auspex -servers/auspex"
      chanmodes="-*+P"
      usermodes="H-h"
      snomasks="Aa-Xx">

<whowas>

The <whowas> tag defines the configuration of the /WHOWAS database. This tag can only be defined once.

Name Type Default Value Description
groupsize Number 0 The maximum number of /WHOWAS entries for a nickname.
maxgroups Number 0 The maximum number of /WHOWAS nickname groups.
maxkeep Duration 1h The period of time to keep /WHOWAS records for.

Example Usage

<whowas groupsize="10"
        maxgroups="100000"
        maxkeep="3d">