krebs/2configs/ircd.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120

{ config, pkgs, ... }:

{
  networking.firewall.allowedTCPPorts = [
    6667 6669
  ];

  systemd.services.charybdis.serviceConfig.LimitNOFILE = 16384;

  krebs.charybdis = {
    enable = true;
    motd = ''
      hello
    '';
    config = ''
      loadmodule "extensions/m_omode";
      serverinfo {
        name = "${config.krebs.build.host.name}.irc.r";
        sid = "1as";
        description = "irc!";
        network_name = "irc.r";

        vhost = "0.0.0.0";
        vhost6 = "::";

        #ssl_private_key = "etc/ssl.key";
        #ssl_cert = "etc/ssl.cert";
        #ssl_dh_params = "etc/dh.pem";
        #ssld_count = 1;

        default_max_clients = 2048;
        #nicklen = 30;
      };

      listen {
        defer_accept = yes;

        /* If you want to listen on a specific IP only, specify host.
         * host definitions apply only to the following port line.
         */
        host = "0.0.0.0";
        port = 6667;
        #sslport = 6697;

        /* Listen on IPv6 (if you used host= above). */
        host = "::";
        port = 6667;
        #sslport = 6697;
      };

      class "users" {
        ping_time = 2 minutes;
        number_per_ident = 10;
        number_per_ip = 4096;
        number_per_ip_global = 4096;
        cidr_ipv4_bitlen = 24;
        cidr_ipv6_bitlen = 64;
        number_per_cidr = 65535;
        max_number = 65535;
        sendq = 1000 megabyte;
      };

      privset "op" {
        privs = oper:admin;
      };

      operator "aids" {
        user = "*@*";
        password = "balls";
        flags = ~encrypted;
        snomask = "+s";
        privset = "op";
      };

      exempt {
        ip = "127.0.0.1";
      };

      exempt {
        ip = "10.243.0.0/16";
      };

      auth {
        user = "*@*";
        class = "users";
        flags = kline_exempt, exceed_limit, flood_exempt;
      };

      channel {
        use_invex = yes;
        use_except = yes;
        use_forward = yes;
        use_knock = yes;
        knock_delay = 5 minutes;
        knock_delay_channel = 1 minute;
        max_chans_per_user = 150;
        max_bans = 100;
        max_bans_large = 500;
        default_split_user_count = 0;
        default_split_server_count = 0;
        no_create_on_split = no;
        no_join_on_split = no;
        burst_topicwho = yes;
        kick_on_split_riding = no;
        only_ascii_channels = no;
        resv_forcepart = yes;
        channel_target_change = yes;
        disable_local_channels = no;
      };

      general {
        #maybe we want ident someday?
        default_floodcount = 10000;
        disable_auth = yes;
        throttle_duration = 1;
        throttle_count = 10000;
      };
    '';
  };
}