lass/2configs/ircd.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100

{ config, pkgs, ... }:

{
  krebs.iptables.tables.filter.INPUT.rules = [
    { predicate = "-i retiolum -p tcp --dport 6667"; target = "ACCEPT"; }
  ];

  services.charybdis = {
    enable = true;
    config = ''
      serverinfo {
        name = "${config.krebs.build.host.name}.irc.retiolum";
        sid = "1as";
        description = "miep!";
        network_name = "irc.retiolum";
        network_desc = "Retiolum IRC Network";
        hub = yes;

        vhost = "0.0.0.0";
        vhost6 = "::";

        #ssl_private_key = "etc/ssl.key";
        #ssl_cert = "etc/ssl.cert";
        #ssl_dh_params = "etc/dh.pem";
        #ssld_count = 1;

        default_max_clients = 10000;
        #nicklen = 30;
      };

      listen {
        defer_accept = yes;

        /* If you want to listen on a specific IP only, specify host.
         * host definitions apply only to the following port line.
         */
        host = "0.0.0.0";
        port = 6667;
        sslport = 6697;

        /* Listen on IPv6 (if you used host= above). */
        host = "::";
        port = 6667;
        sslport = 9999;
      };

      class "users" {
        ping_time = 2 minutes;
        number_per_ident = 10;
        number_per_ip = 2048;
        number_per_ip_global = 4096;
        cidr_ipv4_bitlen = 24;
        cidr_ipv6_bitlen = 64;
        number_per_cidr = 65536;
        max_number = 3000;
        sendq = 1 megabyte;
      };

      exempt {
        ip = "127.0.0.1";
      };

      exempt {
        ip = "10.243.0.0/16";
      };

      auth {
        user = "*@*";
        class = "users";
        flags = kline_exempt, exceed_limit, flood_exempt;
      };

      channel {
        use_invex = yes;
        use_except = yes;
        use_forward = yes;
        use_knock = yes;
        knock_delay = 5 minutes;
        knock_delay_channel = 1 minute;
        max_chans_per_user = 15;
        max_bans = 100;
        max_bans_large = 500;
        default_split_user_count = 0;
        default_split_server_count = 0;
        no_create_on_split = no;
        no_join_on_split = no;
        burst_topicwho = yes;
        kick_on_split_riding = no;
        only_ascii_channels = no;
        resv_forcepart = yes;
        channel_target_change = yes;
        disable_local_channels = no;
      };
      general {
        #maybe we want ident someday?
        disable_auth = yes;
      };
    '';
  };
}