diff --git a/Dockerfile b/Dockerfile index edda66e..4030292 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,42 +1,41 @@ -FROM alpine:3.23 - -LABEL org.opencontainers.image.authors="Anope Team " +FROM alpine:3.23 AS builder ARG VERSION=2.0 -ARG RUN_DEPENDENCIES="gnutls gnutls-utils mariadb-client mariadb-connector-c sqlite-libs" ARG BUILD_DEPENDENCIES="gnutls-dev mariadb-dev sqlite-dev" ARG EXTRA_MODULES="m_mysql m_sqlite m_ssl_gnutls" -RUN apk add --no-cache --virtual .build-utils gcc g++ ninja git cmake $BUILD_DEPENDENCIES && \ - apk add --no-cache --virtual .dependencies libgcc libstdc++ $RUN_DEPENDENCIES && \ - # Create a user to run anope later - adduser -u 10000 -h /anope/ -D -S anope && \ +RUN apk add --no-cache gcc g++ ninja git cmake $BUILD_DEPENDENCIES && \ mkdir -p /src && \ cd /src && \ - # Clone the requested version git clone --depth 1 https://github.com/anope/anope.git anope -b $VERSION && \ cd /src/anope && \ - # Add and overwrite modules for module in $EXTRA_MODULES; do ln -s /src/anope/modules/extra/$module.cpp modules; done && \ mkdir build && \ cd /src/anope/build && \ cmake -DINSTDIR=/anope/ -DDEFUMASK=077 -DCMAKE_BUILD_TYPE=RELEASE -GNinja .. && \ - # Run build multi-threaded - ninja install && \ - # Uninstall all unnecessary tools after build process - apk del .build-utils && \ - rm -rf /src && \ - # Provide a data location + ninja install + +FROM alpine:3.23 + +LABEL org.opencontainers.image.authors="Anope Team " + +ARG RUN_DEPENDENCIES="gnutls gnutls-utils mariadb-client mariadb-connector-c sqlite-libs" + +RUN apk add --no-cache libgcc libstdc++ $RUN_DEPENDENCIES && \ + adduser -u 10000 -h /anope/ -D -S anope && \ mkdir -p /data && \ - touch /data/anope.db && \ - ln -s /data/anope.db /anope/data/anope.db && \ - # Make sure everything is owned by anope + touch /data/anope.db + +COPY --from=builder /anope /anope + +RUN ln -s /data/anope.db /anope/data/anope.db && \ chown -R anope /anope/ && \ chown -R anope /data/ COPY ./conf/ /anope/conf/ -RUN chown -R anope /anope/conf/ +RUN chown -R anope /anope/conf/ && \ + chmod 755 /anope/conf/*.sh WORKDIR /anope/ @@ -44,4 +43,4 @@ VOLUME /data/ USER anope -CMD ["/anope/bin/services", "-n"] +CMD ["/anope/bin/services", "--nofork"] diff --git a/README.md b/README.md index 1b4f2ab..167891c 100644 --- a/README.md +++ b/README.md @@ -25,22 +25,113 @@ $ docker run --name anope -v /path/to/your/config:/anope/conf/ anope/anope ``` -## Generated configuration +# Configuration This image provides various options to configure it by environment variables. -Use the following environment variables to configure your container: +## Server Information |Available variables |Default value |Description | |-------------------------|--------------------------------|--------------------------------------------| |`ANOPE_SERVICES_NAME` |`services.localhost.net` |Name of the services. *Important for uplink*| +|`ANOPE_SERVICES_DESCRIPTION`|`Services for IRC Networks` |Description of the services | |`ANOPE_SERVICES_VHOST` |`services.localhost.net` |Host used by services pseudo clients | + +## Uplink Configuration + +|Available variables |Default value |Description | +|-------------------------|--------------------------------|--------------------------------------------| |`ANOPE_UPLINK_IP` |no default |DNS name or IP of the uplink host | |`ANOPE_UPLINK_PORT` |`7000` |Port used to connect to uplink host | |`ANOPE_UPLINK_PASSWORD` |no default |Password used to authenticate against uplink| +|`ANOPE_UPLINK_PASSWORD_FILE`|no default |File containing password used to authenticate against uplink| +|`ANOPE_UPLINK_IPV6` |`no` |Enable if Services should connect using IPv6| +|`ANOPE_UPLINK_SSL` |`no` |Enable if Services should connect using SSL | +## Network Information + +|Available variables |Default value |Description | +|-------------------------|--------------------------------|--------------------------------------------| +|`ANOPE_NETWORK_NAME` |`LocalNet` |Name of the network | +|`ANOPE_NICKLEN` |`31` |Maximum allowed nick length | +|`ANOPE_USERLEN` |`10` |Maximum allowed ident length | +|`ANOPE_HOSTLEN` |`64` |Maximum allowed hostname length | +|`ANOPE_CHANLEN` |`32` |Maximum allowed channel length | +|`ANOPE_MODELISTSIZE` |`100` |Maximum number of list modes settable | -## Database configuration +## Options + +|Available variables |Default value |Description | +|-------------------------|--------------------------------|--------------------------------------------| +|`ANOPE_CASEMAP` |`ascii` |Case mapping used by services | +|`ANOPE_BADPASSLIMIT` |`5` |Invalid password tries before kill | +|`ANOPE_BADPASSTIMEOUT` |`1h` |Time after which invalid passwords are forgotten| +|`ANOPE_UPDATETIMEOUT` |`2m` |Delay between automatic database updates | +|`ANOPE_EXPIRETIMEOUT` |`30m` |Delay between checks for expired nicks/chans| +|`ANOPE_READTIMEOUT` |`5s` |Timeout period for reading from the uplink | +|`ANOPE_TIMEOUTCHECK` |`3s` |Frequency at which the timeout list is checked| +|`ANOPE_RETRYWAIT` |`60s` |Wait time between connection retries | +|`ANOPE_HIDEPRIVILEGEDCOMMANDS`|`yes` |Hide commands users can't execute | +|`ANOPE_HIDEREGISTEREDCOMMANDS`|`yes` |Hide commands unregistered users can't execute| +|`ANOPE_DIDYOUMEANDIFFERENCE`|`4` |Max difference for command suggestions | +|`ANOPE_CODELENGTH` |`15` |Length of confirmation codes | +|`ANOPE_LINELENGTH` |`100` |Max bytes to wrap services messages | +|`ANOPE_REGEXENGINE` |`regex/stdlib` |Regex engine to use | +|`ANOPE_LANGUAGES` |`de_DE.UTF-8 ...` |List of languages to load | +|`ANOPE_DEFAULTLANGUAGE` |`es_ES.UTF-8` |Default language for users | + +## Mail Configuration + +|Available variables |Default value |Description | +|-------------------------|--------------------------------|--------------------------------------------| +|`ANOPE_USEMAIL` |`no` |Enable mail commands | +|`ANOPE_SENDMAILPATH` |`/usr/sbin/sendmail -t` |Command used for sending emails | +|`ANOPE_SENDFROM` |`services@localhost.net` |Email address to send from | +|`ANOPE_MAILDELAY` |`5m` |Minimum time between emails | +|`ANOPE_DONTQUOTEADDRESSES`|`yes` |Don't quote TO: fields | +|`ANOPE_MAIL_CONTENT_TYPE`|`text/plain; charset=UTF-8` |Content type for emails | +|`ANOPE_MAIL_REGISTRATION_SUBJECT`|`Nickname registration for {nick}`|Subject for registration emails| +|`ANOPE_MAIL_REGISTRATION_MESSAGE`|no default |Message for registration emails | +|`ANOPE_MAIL_RESET_SUBJECT`|`Reset password request for {nick}`|Subject for password reset emails | +|`ANOPE_MAIL_RESET_MESSAGE`|no default |Message for password reset emails | +|`ANOPE_MAIL_EMAILCHANGE_SUBJECT`|`Email confirmation` |Subject for email change emails | +|`ANOPE_MAIL_EMAILCHANGE_MESSAGE`|no default |Message for email change emails | +|`ANOPE_MAIL_MEMO_SUBJECT`|`New memo` |Subject for memo emails | +|`ANOPE_MAIL_MEMO_MESSAGE`|no default |Message for memo emails | + +## Webcpanel Configuration + +|Available variables |Default value |Description | +|-------------------------|--------------------------------|--------------------------------------------| +|`ANOPE_WEBCPANEL_ENABLE` |`no` |Enable webcpanel | +|`ANOPE_WEBCPANEL_TITLE` |`Anope IRC Services` |Page title | +|`ANOPE_HTTPD_IP` |`0.0.0.0` |IP to listen on | +|`ANOPE_HTTPD_PORT` |`8080` |Port to listen on | +|`ANOPE_HTTPD_SSL` |`no` |Listen using SSL | + +## Operators + +You can configure up to 20 operators using indexed variables `ANOPE_x_...` where `x` is a number from 0 to 19. + +|Available variables |Default value |Description | +|-------------------------|--------------------------------|--------------------------------------------| +|`ANOPE_x_NAME` |no default |Oper's Nickname (Required) | +|`ANOPE_x_TYPE` |`Services Root` |Opertype | +|`ANOPE_x_REQUIRE_OPER` |`yes` |Require the oper to be oper'd on the ircd | +|`ANOPE_x_PASSWORD` |no default |Optional password for oper access | +|`ANOPE_x_PASSWORD_FILE` |no default |File containing password for oper access | +|`ANOPE_x_CERTFP` |no default |Secure Cert finger print for oper access | +|`ANOPE_x_HOST` |no default |Space separated Hostmask(s) for this oper | +|`ANOPE_x_VHOST` |no default |Oper Vhost | + +Available `ANOPE_x_TYPE` values (from `services.conf`): +* `Services Root` (Default): Full access to all commands and privileges. +* `Services Administrator`: Access to most administrative commands (BotServ, ChanServ, NickServ, OperServ, Global). +* `Services Operator`: Access to basic operator commands (ChanServ, MemoServ, NickServ, OperServ). +* `Helper`: Access to HostServ commands. + + +## Database Configuration This image provides two way to configure database handling. You can use sqlite inside a volume or an external mysqldb. @@ -67,7 +158,10 @@ For a production setup MySQL is the recommended way to set this image up. Checko |`ANOPE_MYSQL_PORT` |`3306` |Port used to access the mysql database | |`ANOPE_MYSQL_USER` |`anope` |Username for the MySQL database | |`ANOPE_MYSQL_PASSWORD` |no default |Password for the `ANOPE_MYSQL_USER` | +|`ANOPE_MYSQL_PASSWORD_FILE`|no default |File containing password for the `ANOPE_MYSQL_USER`| |`ANOPE_SQL_LIVE` |`no` |Enable Anope SQL-DB live feature | +|`ANOPE_SQL_PREFIX` |`anope_db_` |Prefix for SQL tables | +|`ANOPE_SQL_IMPORT` |`false` |Import data from another DB module on startup| # Updates and updating @@ -107,4 +201,3 @@ You can also reach many of the project maintainers via the `#anope` IRC channel ## Contributing You are invited to contribute new features, fixes, or updates, large or small; we are always thrilled to receive pull requests, and do our best to process them as fast as we can. - diff --git a/conf/config.sh b/conf/config.sh index 3d8f363..d402a2a 100755 --- a/conf/config.sh +++ b/conf/config.sh @@ -6,10 +6,4 @@ define name = "services.host" value = "${ANOPE_SERVICES_VHOST:-services.localhost.net}" } - -define -{ - name = "services.name" - value = "${ANOPE_SERVICES_NAME:-services.localhost.net}" -} EOF diff --git a/conf/database.sh b/conf/database.sh index 8b03c6e..6f2c281 100755 --- a/conf/database.sh +++ b/conf/database.sh @@ -1,5 +1,9 @@ #!/bin/sh +if [ -n "$ANOPE_MYSQL_PASSWORD_FILE" ]; then + ANOPE_MYSQL_PASSWORD=$(cat "$ANOPE_MYSQL_PASSWORD_FILE") +fi + if [ "$ANOPE_SQL_LIVE" = "yes" ]; then ANOPE_SQL_LIVE="_live" else @@ -19,7 +23,8 @@ cat < 1) print "\\n" + print $0 + } + ' +} + +if [ -z "$ANOPE_MAIL_REGISTRATION_MESSAGE" ]; then + ANOPE_MAIL_REGISTRATION_MESSAGE="Hi, + + You have requested to register the nickname {nick} on {network}. + Please type \" /msg NickServ CONFIRM REGISTER {code} \" to complete registration. + + If you don't know why this mail was sent to you, please ignore it silently. + + {network} administrators." +fi + +if [ -z "$ANOPE_MAIL_RESET_MESSAGE" ]; then + ANOPE_MAIL_RESET_MESSAGE="Hi, + + You have requested to have the password for {nick} reset. + To reset your password, type \" /msg NickServ CONFIRM RESETPASS {nick} {code} \" + + If you don't know why this mail was sent to you, please ignore it silently. + + {network} administrators." +fi + +if [ -z "$ANOPE_MAIL_EMAILCHANGE_MESSAGE" ]; then + ANOPE_MAIL_EMAILCHANGE_MESSAGE="Hi, + + You have requested to change your email address from {old_email} to {new_email}. + Please type \" /msg NickServ CONFIRM EMAIL {code} \" to confirm this change. + + If you don't know why this mail was sent to you, please ignore it silently. + + {network} administrators." +fi + +if [ -z "$ANOPE_MAIL_MEMO_MESSAGE" ]; then + ANOPE_MAIL_MEMO_MESSAGE="Hi {receiver}, + + You've just received a new memo from {sender}. This is memo number {number}. + + Memo text: + + {text}" +fi + +ANOPE_MAIL_REGISTRATION_MESSAGE=$(sanitize "$ANOPE_MAIL_REGISTRATION_MESSAGE") +ANOPE_MAIL_RESET_MESSAGE=$(sanitize "$ANOPE_MAIL_RESET_MESSAGE") +ANOPE_MAIL_EMAILCHANGE_MESSAGE=$(sanitize "$ANOPE_MAIL_EMAILCHANGE_MESSAGE") +ANOPE_MAIL_MEMO_MESSAGE=$(sanitize "$ANOPE_MAIL_MEMO_MESSAGE") + +cat < + * + * + * + * - * - * + * * * An example configuration for UnrealIRCd that is compatible with the below uplink * and serverinfo configuration would look like: * - * link services.localhost.net - * { - * username *; - * hostname *; - * bind-ip "127.0.0.1"; - * port 7000; - * hub *; - * password-connect "mypassword"; - * password-receive "mypassword"; - * class servers; + * // This goes in unrealircd.conf, *NOT* your Anope config! + * listen { + * ip 127.0.0.1; + * port 7000; + * options { + * serversonly; + * }; + * }; + * link services.example.com { + * incoming { + * mask *@127.0.0.1; + * }; + * password "mypassword"; + * class servers; * }; - * ulines { services.localhost.net; }; - * listen 127.0.0.1:7000; + * ulines { services.example.com; }; */ include @@ -167,104 +142,11 @@ include name = "/anope/conf/uplink.sh" } -/* - * [DISABLED] Uplink configuration - * - *The uplink configuration is done by `/anope/conf/uplink.sh`. So the direct uplink settings are disabled - */ -//uplink -{ - /* - * The IP or hostname of the IRC server you wish to connect Services to. - * Usually, you will want to connect Services over 127.0.0.1 (aka localhost). - * - * NOTE: On some shell providers, this will not be an option. - */ - host = "127.0.0.1" - - /* - * Enable if Services should connect using IPv6. - */ - ipv6 = no - - /* - * Enable if Services should connect using SSL. - * You must have an SSL module loaded for this to work. - */ - ssl = no - - /* - * The port to connect to. - * The IRCd *MUST* be configured to listen on this port, and to accept - * server connections. - * - * Refer to your IRCd documentation for how this is to be done. - */ - port = 7000 - - /* - * The password to send to the IRC server for authentication. - * This must match the link block on your IRCd. - * - * Refer to your IRCd documentation for more information on link blocks. - */ - password = "mypassword" -} include { - type = "file" - name = "serverinfo.conf" -} - -/* - * [REQUIRED] Server Information - * - * This section contains information about the Services server. - */ -// serverinfo -{ - /* - * The hostname that Services will be seen as, it must have no conflicts with any - * other server names on the rest of your IRC network. Note that it does not have - * to be an existing hostname, just one that isn't on your network already. - */ - name = "services.name" - - /* - * The text which should appear as the server's information in /whois and similar - * queries. - */ - description = "Services for IRC Networks" - - /* - * The local address that Services will bind to before connecting to the remote - * server. This may be useful for multihomed hosts. If omitted, Services will let - * the Operating System choose the local address. This directive is optional. - * - * If you don't know what this means or don't need to use it, just leave this - * directive commented out. - */ - #localhost = "nowhere." - - /* - * What Server ID to use for this connection? - * Note: This should *ONLY* be used for TS6/P10 IRCds. Refer to your IRCd documentation - * to see if this is needed. - */ - #id = "00A" - - /* - * The filename containing the Services process ID. The path is relative to the - * services root directory. - */ - pid = "/tmp/services.pid" - - /* - * The filename containing the Message of the Day. The path is relative to the - * services root directory. - */ - motd = "conf/services.motd" + type = "executable" + name = "/anope/conf/serverinfo.sh" } /* @@ -279,11 +161,12 @@ include * - hybrid * - inspircd12 * - inspircd20 + * - inspircd3 (for 3.x and 4.x) * - ngircd * - plexus * - ratbox * - unreal (for 3.2.x) - * - unreal4 + * - unreal4 (for 4.x or later) */ module { @@ -306,84 +189,10 @@ module use_server_side_topiclock = yes } -/* - * [REQUIRED] Network Information - * - * This section contains information about the IRC network that Services will be - * connecting to. - */ -networkinfo +include { - /* - * This is the name of the network that Services will be running on. - */ - networkname = "LocalNet" - - /* - * Set this to the maximum allowed nick length on your network. - * Be sure to set this correctly, as setting this wrong can result in - * Services being disconnected from the network. - */ - nicklen = 31 - - /* Set this to the maximum allowed ident length on your network. - * Be sure to set this correctly, as setting this wrong can result in - * Services being disconnected from the network. - */ - userlen = 10 - - /* Set this to the maximum allowed hostname length on your network. - * Be sure to set this correctly, as setting this wrong can result in - * Services being disconnected from the network. - */ - hostlen = 64 - - /* Set this to the maximum allowed channel length on your network. - */ - chanlen = 32 - - /* The maximum number of list modes settable on a channel (such as b, e, I). - * Comment out or set to 0 to disable. - */ - modelistsize = 100 - - /* - * Characters allowed in nicknames. This always includes the characters described - * in RFC1459, and so does not need to be set for normal behavior. Changing this to - * include characters your IRCd doesn't support will cause your IRCd and/or Services - * to break. Multibyte characters are not supported, nor are escape sequences. - * - * It is recommended you DON'T change this. - */ - #nick_chars = "" - - /* - * The characters allowed in hostnames. This is used for validating hostnames given - * to services, such as BotServ bot hostnames and user vhosts. Changing this is not - * recommended unless you know for sure your IRCd supports whatever characters you are - * wanting to use. Telling services to set a vHost containing characters your IRCd - * disallows could potentially break the IRCd and/or Services. - * - * It is recommended you DON'T change this. - */ - vhost_chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-" - - /* - * If set to true, allows vHosts to not contain dots (.). - * Newer IRCds generally do not have a problem with this, but the same warning as - * vhost_chars applies. - * - * It is recommended you DON'T change this. - */ - allow_undotted_vhosts = false - - /* - * The characters that are not allowed to be at the very beginning or very ending - * of a vHost. The same warning as vhost_chars applies. - * - * It is recommended you DON'T change this. - */ - disallow_start_or_end = ".-" + type = "executable" + name = "/anope/conf/networkinfo.sh" } /* @@ -391,190 +200,10 @@ networkinfo * * This section contains various options which determine how Services will operate. */ -options +include { - /* - * On Linux/UNIX systems Anope can setuid and setgid to this user and group - * after starting up. This is useful if Anope has to bind to privileged ports - */ - #user = "anope" - #group = "anope" - - /* - * The case mapping used by services. This must be set to a valid locale name - * installed on your machine. Services use this case map to compare, with - * case insensitivity, things such as nick names, channel names, etc. - * - * We provide two special casemaps shipped with Anope, ascii and rfc1459. - * - * This value should be set to what your IRCd uses, which is probably rfc1459, - * however Anope has always used ascii for comparison, so the default is ascii. - * - * Changing this value once set is not recommended. - */ - casemap = "ascii" - - /* - * This key is used to initiate the random number generator. This number - * MUST be random as you want your passcodes to be random. Don't give this - * key to anyone! Keep it private! - * - * NOTE: If you don't uncomment this or keep the default values, any talented - * programmer would be able to easily "guess" random strings used to mask - * information. Be safe, and come up with a 7-digit number. - * - * This directive is optional, but highly recommended. - */ - #seed = 9866235 - - /* - * If set, Services will perform more stringent checks on passwords. If this - * isn't set, Services will only disallow a password if it is the same as the - * entity (nickname name) with which it is associated. When set, however, - * Services will also check that the password is at least five - * characters long, and in the future will probably check other things - * as well. - * - * This directive is optional, but recommended. - */ - strictpasswords = yes - - /* - * Sets the number of invalid password tries before Services removes a user - * from the network. If a user enters a number of invalid passwords equal to - * the given amount for any Services function or combination of functions - * during a single IRC session (subject to badpasstimeout, below), Services - * will issues a /KILL for the user. If not given, Services will ignore - * failed password attempts (though they will be logged in any case). - * - * This directive is optional, but recommended. - */ - badpasslimit = 5 - - /* - * Sets the time after which invalid passwords are forgotten about. If a user - * does not enter any incorrect passwords in this amount of time, the incorrect - * password count will reset to zero. If not given, the timeout will be - * disabled, and the incorrect password count will never be reset until the user - * disconnects. - * - * This directive is optional. - */ - badpasstimeout = 1h - - /* - * Sets the delay between automatic database updates. - */ - updatetimeout = 5m - - /* - * Sets the delay between checks for expired nicknames and channels. - */ - expiretimeout = 30m - - /* - * Sets the timeout period for reading from the uplink. - */ - readtimeout = 5s - - /* - * Sets the interval between sending warning messages for program errors via - * WALLOPS/GLOBOPS. - */ - warningtimeout = 4h - - /* - * Sets the (maximum) frequency at which the timeout list is checked. This, - * combined with readtimeout above, determines how accurately timed events, - * such as nick kills, occur; it also determines how much CPU time Services - * will use doing this. Higher values will cause less accurate timing but - * less CPU usage. - * - * Note that this value is not an absolute limit on the period between - * checks of the timeout list; the previous may be as great as readtimeout - * (above) during periods of inactivity. - * - * If this directive is not given, it will default to 0. - */ - timeoutcheck = 3s - - /* - * If set, this will allow users to let Services send PRIVMSGs to them - * instead of NOTICEs. Also see the "msg" option of nickserv:defaults, - * which also toggles the default communication (PRIVMSG or NOTICE) to - * use for unregistered users. - * - * This is a feature that is against the IRC RFC and should be used ONLY - * if absolutely necessary. - * - * This directive is optional, and not recommended. - */ - #useprivmsg = yes - - /* - * If set, will force Services to only respond to PRIVMSGs addresses to - * Nick@ServerName - e.g. NickServ@localhost.net. This should be used in - * conjunction with IRCd aliases. This directive is optional. - * - * This option will have no effect on some IRCds, such as TS6 IRCds. - */ - #usestrictprivmsg = yes - - /* - * If set, Services will only show /stats o to IRC Operators. This directive - * is optional. - */ - #hidestatso = yes - - /* - * A space-separated list of ulined servers on your network, it is assumed that - * the servers in this list are allowed to set channel modes and Services will - * not attempt to reverse their mode changes. - * - * WARNING: Do NOT put your normal IRC user servers in this directive. - * - * This directive is optional. - */ - #ulineservers = "stats.your.network" - - /* - * How long to wait between connection retries with the uplink(s). - */ - retrywait = 60s - - /* - * If set, Services will hide commands that users don't have the privilege to execute - * from HELP output. - */ - hideprivilegedcommands = yes - - /* - * If set, Services will hide commands that users can't execute because they are not - * logged in from HELP output. - */ - hideregisteredcommands = yes - - /* The regex engine to use, as provided by the regex modules. - * Leave commented to disable regex matching. - * - * Note for this to work the regex module providing the regex engine must be loaded. - */ - #regexengine = "regex/pcre" - - /* - * A list of languages to load on startup that will be available in /nickserv set language. - * Useful if you translate Anope to your language. (Explained further in docs/LANGUAGE). - * Note that english should not be listed here because it is the base language. - * - * Removing .UTF-8 will instead use the default encoding for the language, eg. iso-8859-1 for western European languages. - */ - languages = "ca_ES.UTF-8 de_DE.UTF-8 el_GR.UTF-8 es_ES.UTF-8 fr_FR.UTF-8 hu_HU.UTF-8 it_IT.UTF-8 nl_NL.UTF-8 pl_PL.UTF-8 pt_PT.UTF-8 ru_RU.UTF-8 tr_TR.UTF-8" - - /* - * Default language that non- and newly-registered nicks will receive messages in. - * Set to "en" to enable English. Defaults to the language the system uses. - */ - #defaultlanguage = "es_ES.UTF-8" + type = "executable" + name = "/anope/conf/options.sh" } /* @@ -682,6 +311,8 @@ log * - a channel name * - a filename * - globops + * + * If you specify a filename the current date in the format ".YYYYMMDD" will be appended to the path. */ target = "services.log" @@ -695,19 +326,19 @@ log /* * The source(s) to only accept log messages from. Leave commented to allow all sources. - * This can be a users name, a channel name, one of our clients (eg, OperServ), or a server name. + * This can be a users name, a channel name, one of our clients (e.g. OperServ), or a server name. */ #source = "" /* - * The bot used to log generic messages which have no predefined sender if there - * is a channel in the target directive. + * The bot used to log generic messages which have no predefined sender if the + * target directive is set to a channel or globops. */ bot = "Global" /* - * The number of days to keep logfiles, only useful if you are logging to a file. - * Set to 0 to never delete old logfiles. + * The number of days to keep log files, only useful if you are logging to a file. + * Set to 0 to never delete old log files. * * Note that Anope must run 24 hours a day for this feature to work correctly. */ @@ -732,7 +363,7 @@ log * means "* ~operserv/*" would log everything because * matches everything. * * Valid admin, override, and command options are: - * pesudo-serv/commandname (eg, operserv/akill, chanserv/set) + * pseudo-serv/commandname (e.g. operserv/akill, chanserv/set) * * Valid server options are: * connect, quit, sync, squit @@ -763,6 +394,7 @@ log */ log { + bot = "Global" target = "globops" admin = "global/* operserv/chankill operserv/mode operserv/kick operserv/akill operserv/s*line operserv/noop operserv/jupe operserv/oline operserv/set operserv/svsnick operserv/svsjoin operserv/svspart nickserv/getpass */drop" servers = "squit" @@ -789,17 +421,18 @@ log * chanserv/administration - Can modify the settings of any channel (including changing of the owner!) * chanserv/access/list - Can view channel access and akick lists, but not modify them * chanserv/access/modify - Can modify channel access and akick lists, and use /chanserv enforce - * chanserv/auspex - Can see any information with /chanserv info + * chanserv/auspex - Can see any information with /CHANSERV INFO * chanserv/no-register-limit - May register an unlimited number of channels and nicknames * chanserv/kick - Can kick and ban users from channels through ChanServ - * memoserv/info - Can see any information with /memoserv info + * memoserv/info - Can see any information with /MEMOSERV INFO * memoserv/set-limit - Can set the limit of max stored memos on any user and channel * memoserv/no-limit - Can send memos through limits and throttles * nickserv/access - Can modify other users access and certificate lists * nickserv/alist - Can see the channel access list of other users - * nickserv/auspex - Can see any information with /nickserv info + * nickserv/auspex - Can see any information with /NICKSERV INFO * nickserv/confirm - Can confirm other users nicknames * nickserv/drop - Can drop other users nicks + * nickserv/recover - Can recover other users nicks * operserv/config - Can modify services's configuration * operserv/oper/modify - Can add and remove operators with at most the same privileges * protected - Can not be kicked from channels by Services @@ -839,6 +472,9 @@ log * These can contain commands for oper-only strings (see above) which grants access to that specific command, * and privileges (which grant access to more general permissions for the named area). * Wildcard entries are permitted for both, e.g. 'commands = "operserv/*"' for all OperServ commands. + * You can also negate values with a ~. For example, "~operserv/akill operserv/*" would allow all OperServ + * commands except for operserv/akill. Note that processing stops at the first matching option, which + * means "* ~operserv/*" would allow everything because * matches everything. * * Below are some default example types, but this is by no means exhaustive, * and it is recommended that you configure them to your needs. @@ -898,167 +534,16 @@ opertype privs = "*" } -/* - * After defining different types of operators in the above opertype section, we now define who is in these groups - * through 'oper' blocks, similar to ircd access. - * - * The default is to comment these out (so NOBODY will have Services access). - * You probably want to add yourself and a few other people at minimum. - * - * As with all permissions, make sure to only give trustworthy people access to Services. - */ - -#oper -{ - /* The nickname of this services oper */ - #name = "nick1" - - /* The opertype this person will have */ - type = "Services Root" - - /* If set, the user must be an oper on the IRCd to gain their Services - * oper privileges. - */ - require_oper = yes - - /* An optional password. If defined the user must login using "/msg OperServ LOGIN" first */ - #password = "secret" - - /* An optional SSL fingerprint. If defined, it's required to be able to use this opertype. */ - #certfp = "ed3383b3f7d74e89433ddaa4a6e5b2d7" - - /* An optional list of user@host masks. If defined the user must be connected from one of them */ - #host = "*@*.anope.org ident@*" - - /* An optional vHost to set on users who identify for this oper block. - * This will override HostServ vHosts, and may not be available on all IRCds - */ - #vhost = "oper.mynet" -} - -#oper -{ - name = "nick2" - type = "Services Administrator" -} - -#oper +include { - name = "nick3" - type = "Helper" + type = "executable" + name = "/anope/conf/opers.sh" } -/* - * [OPTIONAL] Mail Config - * - * This section contains settings related to the use of e-mail from Services. - * If the usemail directive is set to yes, unless specified otherwise, all other - * directives are required. - * - * NOTE: Users can find the IP of the machine services is running on by examining - * mail headers. If you do not want your IP known, you should set up a mail relay - * to strip the relevant headers. - */ -mail +include { - /* - * If set, this option enables the mail commands in Services. You may choose - * to disable it if you have no Sendmail-compatible mailer installed. Whilst - * this directive (and entire block) is optional, it is required if - * nickserv:registration is set to yes. - */ - usemail = no - - /* - * This is the command-line that will be used to call the mailer to send an - * e-mail. It must be called with all the parameters needed to make it - * scan the mail input to find the mail recipient; consult your mailer - * documentation. - * - * Postfix users must use the compatible sendmail utility provided with - * it. This one usually needs no parameters on the command-line. Most - * sendmail applications (or replacements of it) require the -t option - * to be used. - */ - sendmailpath = "/usr/sbin/sendmail -t" - - /* - * This is the e-mail address from which all the e-mails are to be sent from. - * It should really exist. - */ - sendfrom = "services@localhost.net" - - /* - * This controls the minimum amount of time a user must wait before sending - * another e-mail after they have sent one. It also controls the minimum time - * a user must wait before they can receive another e-mail. - * - * This feature prevents users from being mail bombed using Services and - * it is highly recommended that it be used. - * - * This directive is optional, but highly recommended. - */ - delay = 5m - - /* - * If set, Services will not attempt to put quotes around the TO: fields - * in e-mails. - * - * This directive is optional, and as far as we know, it's only needed - * if you are using ESMTP or QMail to send out e-mails. - */ - #dontquoteaddresses = yes - - /* - * The subject and message of emails sent to users when they register accounts. - */ - registration_subject = "Nickname registration for %n" - registration_message = "Hi, - - You have requested to register the nickname %n on %N. - Please type \" /msg NickServ CONFIRM %c \" to complete registration. - - If you don't know why this mail was sent to you, please ignore it silently. - - %N administrators." - - /* - * The subject and message of emails sent to users when they request a new password. - */ - reset_subject = "Reset password request for %n" - reset_message = "Hi, - - You have requested to have the password for %n reset. - To reset your password, type \" /msg NickServ CONFIRM %n %c \" - - If you don't know why this mail was sent to you, please ignore it silently. - - %N administrators." - - /* - * The subject and message of emails sent to users when they request a new email address. - */ - emailchange_subject = "Email confirmation" - emailchange_message = "Hi, - - You have requested to change your email address from %e to %E. - Please type \" /msg NickServ CONFIRM %c \" to confirm this change. - - If you don't know why this mail was sent to you, please ignore it silently. - - %N administrators." - - /* - * The subject and message of emails sent to users when they receive a new memo. - */ - memo_subject = "New memo" - memo_message = "Hi %n, - - You've just received a new memo from %s. This is memo number %d. - - Memo text: - - %t" + type = "executable" + name = "/anope/conf/mail.sh" } /* @@ -1075,127 +560,10 @@ include name = "/anope/conf/database.sh" } -/* - * [DEPRECATED] db_old - * - * This is the old binary database format from late Anope 1.7.x, Anope 1.8.x, and - * early Anope 1.9.x. This module only loads these databases, and will NOT save them. - * You should only use this to upgrade old databases to a newer database format by loading - * other database modules in addition to this one, which will be used when saving databases. - */ -#module -{ - name = "db_old" - - /* - * This is the encryption type used by the databases. This must be set correctly or - * your passwords will not work. Valid options are: md5, oldmd5, sha1, and plain. - * You must also be sure to load the correct encryption module below in the Encryption - * Modules section so that your passwords work. - */ - #hash = "md5" -} - -/* - * [RECOMMENDED] db_flatfile - * - * This is the default flatfile database format. - */ -#module -{ - name = "db_flatfile" - - /* - * The database name db_flatfile should use - */ - database = "/data/anope.db" - - /* - * Sets the number of days backups of databases are kept. If you don't give it, - * or if you set it to 0, Services won't backup the databases. - * - * NOTE: Services must run 24 hours a day for this feature to work. - * - * This directive is optional, but recommended. - */ - keepbackups = 3 - - /* - * Allows Services to continue file write operations (i.e. database saving) - * even if the original file cannot be backed up. Enabling this option may - * allow Services to continue operation under conditions where it might - * otherwise fail, such as a nearly-full disk. - * - * NOTE: Enabling this option can cause irrecoverable data loss under some - * conditions, so make CERTAIN you know what you're doing when you enable it! - * - * This directive is optional, and you are discouraged against enabling it. - */ - #nobackupokay = yes - - /* - * If enabled, services will fork a child process to save databases. - * - * This is only useful with very large databases, with hundreds - * of thousands of objects, that have a noticeable delay from - * writing databases. - * - * If your database is large enough cause a noticeable delay when - * saving you should consider a more powerful alternative such - * as db_sql or db_redis, which incrementally update their - * databases asynchronously in real time. - */ - fork = no -} - -/* - * db_sql and db_sql_live - * - * db_sql module allows saving and loading databases using one of the SQL engines. - * This module loads the databases once on startup, then incrementally updates - * objects in the database as they are changed within Anope in real time. Changes - * to the SQL tables not done by Anope will have no effect and will be overwritten. - * - * db_sql_live module allows saving and loading databases using one of the SQL engines. - * This module reads and writes to SQL in real time. Changes to the SQL tables - * will be immediately reflected into Anope. This module should not be loaded - * in conjunction with db_sql. - * - */ -#module -{ - name = "db_sql" - #name = "db_sql_live" - - /* - * The SQL service db_sql(_live) should use, these are configured in modules.conf. - * For MySQL, this should probably be mysql/main. - */ - engine = "sqlite/main" - - /* - * An optional prefix to prepended to the name of each created table. - * Do not use the same prefix for other programs. - */ - #prefix = "anope_db_" - - /* Whether or not to import data from another database module in to SQL on startup. - * If you enable this, be sure that the database services is configured to use is - * empty and that another database module to import from is loaded before db_sql. - * After you enable this and do a database import you should disable it for - * subsequent restarts. - * - * Note that you can not import databases using db_sql_live. If you want to import - * databases and use db_sql_live you should import them using db_sql, then shut down - * and start services with db_sql_live. - */ - import = false -} - /* * db_redis. * - * This module allows using Redis (http://redis.io) as a database backend. + * This module allows using Redis (https://redis.io/) as a database backend. * This module requires that m_redis is loaded and configured properly. * * Redis 2.8 supports keyspace notifications which allows Redis to push notifications @@ -1279,14 +647,10 @@ include } /* - * IRC2SQL Gateway - * This module collects data about users, channels and servers. It doesn't build stats - * itself, however, it gives you the database, it's up to you how you use it. - * - * Requires a MySQL Database and MySQL version 5.5 or higher + * Webcpanel module. */ -#include +include { - type = "file" - name = "irc2sql.example.conf" + type = "executable" + name = "/anope/conf/webcpanel.sh" } diff --git a/conf/uplink.sh b/conf/uplink.sh index 20eedbb..755f9b5 100755 --- a/conf/uplink.sh +++ b/conf/uplink.sh @@ -1,5 +1,9 @@ #!/bin/sh +if [ -n "$ANOPE_UPLINK_PASSWORD_FILE" ]; then + ANOPE_UPLINK_PASSWORD=$(cat "$ANOPE_UPLINK_PASSWORD_FILE") +fi + cat <