Kapisi/roles/IRC/templates/inspircd/inspircd.conf.j2

# Includes
<config format="xml">
<include file="/etc/inspircd/opers.conf">
<include file="/etc/inspircd/links.conf">
<include file="/etc/inspircd/modules.conf">
<files motd="/etc/inspircd/motd.txt" rules="/etc/inspircd/rules.txt">

# Server Definition
<server
    name="{{ external_domain }}"
    description="{{ organization['displayname'] }}/IRC"
    network="{{ organization['displayname'] }}/IRC">
<admin
    name="{{ organization['admin'] }}"
    nick="{{ organization['admin'] }}"
    email="{{ organization['email'] }}">

# Connection Information
<define name="subnetips" value="10.0.1.0/24">
<define name="localhost" value="127.0.0.1/32">
<cidr
    ipv4clone="32"
    ipv6clone="128">


# Plaintext on local only for bots and servers
<bind address="" port="8067" type="servers">
<bind address="" port="6667" type="clients">
<connect
    name="local"
    parent="main"
    allow="127.0.0.1"
    localmax="20"
    globalmax="20"
    limit="20"
    requiressl="off"
    modes="+Bwx"
    threshold="200"
    port="6667">

# SSL for external connections
<bind
    address=""
    port="6697"
    sslprofile="clients"
    type="clients">
<connect
    name="main"
    allow="*"
    commandrate="1000"
    fakelag="on"
    globalmax="500"
    hardsendq="1M"
    limit="500"
    localmax="500"
    maxconnwarn="on"
    modes="+wx"
    pingfreq="120"
    port="6697"
    recvq="8192"
    requiressl="off"
    resolvehostnames="on"
    softsendq="8192"
    threshold="25"
    timeout="10"
    useident="no">
<sslprofile
    name="clients"
    provider="openssl"
    cafile="/etc/letsencrypt/live/{{ ssl['identity'] }}/chain.pem"
    certfile="/etc/letsencrypt/live/{{ ssl['identity'] }}/fullchain.pem"
    keyfile="/etc/letsencrypt/live/{{ ssl['identity'] }}/privkey.pem"
    ciphers="{{ ssl['ciphersuite'] }}"
    hash="sha256"
    renegotiation="no"
    requestclientcert="no"
    sslv3="no"
    tlsv1="no"
    tlsv11="no"
    tlsv12="yes"
    tlsv13="yes">
<openssl onrehash="yes">



# Performance
<performance
    netbuffersize="10240"
    somaxconn="128"
    limitsomaxconn="true"
    softlimit="1024"
    quietbursts="yes">
<log method="file" type="* -USERINPUT -USEROUTPUT" level="default" target="/var/log/inspircd/inspircd.log" flush="1">
<pid file="/var/lib/inspircd/inspircd.pid">
<options

    prefixquit="Quit: "
    suffixquit=""
    prefixpart="&quot;"
    suffixpart="&quot;"

    syntaxhints="no"

    cyclehosts="no"
    cyclehostsfromuser="no"

    ircumsgprefix="no"

    announcets="yes"

    allowmismatch="no"

    defaultbind="auto"

    hostintopic="yes"

    pingwarning="15"
    serverpingfreq="60"

    defaultmodes="not"

    moronbanner="You're banned! Contact {{ organization['email'] }} with the ERROR line below for help."
    exemptchanops="nonick:v flood:o"
    invitebypassmodes="yes"
    nosnoticestack="no"

    welcomenotice="yes">



# Security and Controls
<security
    announceinvites="dynamic"
    hidemodes="eI"
    hideulines="no"
    flatlinks="no"
    hidewhois=""
    hidebans="no"
    hidekills=""
    hidesplits="yes"
    maxtargets="20"
    customversion=""
    operspywhois="yes"
    restrictbannedusers="yes"
    genericoper="no"
    userstats="Pu">
<limits
    maxnick="12"
    maxchan="20"
    maxmodes="20"
    maxident="64"
    maxquit="255"
    maxtopic="307"
    maxkick="255"
    maxgecos="128"
    maxaway="200">
<channels users="20" opers="60">
<maxlist chan="*" limit="60">
<whowas
    groupsize="10"
    maxgroups="100000"
    maxkeep="1d">

# Ban options
<badnick nick="*Serv" reason="Reserved for Services">
<badhost host="*@*malware*" reason="Malware">
<badhost host="root@*" reason="Don't IRC as root!">
<exception host="{{ organization['admin'] }}@localhost" reason="localhost">
<exception host="{{ organization['admin'] }}@127.0.0.1" reason="localhost">
<exception host="{{ organization['admin'] }}@{{ external_domain }}" reason="localhost">
<exception host="{{ organization['admin'] }}@*.{{ external_domain }}" reason="localhost">
<insane
    hostmasks="no"
    ipmasks="no"
    nickmasks="no"
    trigger="99">