Configuing and Building HaxIRCd

1 files changed, 333 insertions, 0 deletions

diff --git a/config.md b/config.md
new file mode 100644
index 0000000..772c1c6
--- /dev/null
+++ b/config.md
@@ -0,0 +1,333 @@
+---
+title: Configuring and Building HaxIRCd
+---
+
+# `.makeopts`
+```makefile
+LAST_PLAINTEXT_CLIENT = 
+LAST_PLAINTEXT_SERVER = 1
+LAST_GNUTLS_CLIENT = 
+LAST_GNUTLS_SERVER = 
+LAST_OPENSSL_CLIENT = 
+LAST_OPENSSL_SERVER = 1
+LAST_PLAINTEXT_BUFFERED_CLIENT = 
+LAST_PLAINTEXT_BUFFERED_SERVER = 1
+LAST_GNUTLS_BUFFERED_CLIENT = 
+LAST_GNUTLS_BUFFERED_SERVER =   
+LAST_OPENSSL_BUFFERED_CLIENT = 
+LAST_OPENSSL_BUFFERED_SERVER = 1
+LAST_INSPIRCD2_PROTOCOL = 1
+LAST_INSPIRCD3_PROTOCOL = 1
+LAST_INSPIRCD4_PROTOCOL = 1
+LAST_HAXSERV_PSEUDOCLIENT = 1
+LAST_SERVICES_PSEUDOCLIENT = 1
+LAST_SAFE_STACK = 1
+LAST_FUTEX = 1
+LAST_MISERABLE_SPINLOCKS = 
+LAST_ATOMICS = 1
+LAST_IPv6 = 1
+LAST_CFLAGS = 
+LAST_CC = cc
+```
+
+# `config.c`
+```c
+#include <time.h>
+
+#include "config.h"
+#include "general_network.h"
+#include "protocols.h"
+
+#ifdef USE_SERVER
+#include "server_network.h"
+#endif
+
+#ifdef USE_SERVER
+struct server_config SERVER_CONFIG[] = {
+	{
+	 .name = STRING("peer.server.name"),
+	 /*
+	  * The name of the remote server. Must be in a valid DNS format,
+	  * but doesn't have to resolve.
+	  */
+
+	 .sid = STRING("1UL"),
+	 /*
+	  * The server ID of the remote server. The format depends on the
+	  * protocol, but most protocols expect a three-byte string,
+	  * where the first byte is a number and the two subsequent
+	  * bytes are alphanumeric. Letters should usually be in
+	  * uppercase. Server IDs are not translted between protocols
+	  * so a uniform format is generally required.
+	  */
+
+	 .in_pass = STRING("password-to-expect-from-peer"),
+	 .out_pass = STRING("password-to-send-to-peer"),
+	 /*
+	  * Passwords, should be self-explanatory.
+	  */
+
+	 .protocol = INSPIRCD4_PROTOCOL,
+	 /*
+	  * Which protocol to use. Currently, only InspIRCd protocols are
+	  * supported. A custom HaxIRCd binary protocol is planned, and
+	  * support for TS6, UnrealIRCd, and other protocols may be added.
+	  *
+	  * INSPIRCD4_PROTOCOL: the 1206 protocol native to InspIRCd v4
+	  * INSPIRCD3_PROTOCOL: the 1205 protocol native to InspIRCd v3
+	  * INSPIRCD2_PROTOCOL: the 1202 protocol native to InspIRCd v2
+	  */
+
+	 .ignore_remote_unlinks = 0,
+	 .ignore_remote_kills = 1,
+	 .ignore_local_kills = 1,
+
+	 .autoconnect = 1,
+	 .autoconnect_type = NET_TYPE_PLAINTEXT,
+	 /*
+	  * TLS links are highly recommended if not connecting to localhost
+	  * or otherwise over a secure channel such as WireGuard. Although
+	  * GnuTLS is supported, the primary developers use OpenSSL, and
+	  * OpenSSL is more common anyways.
+	  * Buffering is also highly recommended as it measurably improves
+	  * performance.
+	  *
+	  * NET_TYPE_PLAINTEXT: Plain TCP link
+	  * NET_TYPE_GNUTLS: GnuTLS link
+	  * NET_TYPE_OPENSSL: OpenSSL link
+	  * NET_TYPE_PLAINTEXT_BUFFERED: Plain TCP link with buffering
+	  * NET_TYPE_GNUTLS_BUFFERED: GnuTLS link with buffering
+	  * NET_TYPE_OPENSSL_BUFFERED: OpenSSL link with buffering
+	  */
+
+	 .address = STRING("127.0.0.1"),
+	 /*
+	  * The address to connect to, either as an IP address or as a domain
+	  * name.
+	  * If it is possible that getaddrinfo(3) returns an IPv6 address, or
+	  * if an IPv6 address is specified directly, then IPv6 MUST be
+	  * enabled; otherwise the behavior is undefined.
+	  */
+
+	 .port = STRING("7000"),
+	 },
+};
+
+size_t SERVER_CONFIG_LEN = sizeof(SERVER_CONFIG) / sizeof(*SERVER_CONFIG);
+#endif
+
+struct string SID = STRING("2TX");
+/*
+ * Our own server ID. Most protocols expect a three-byte string,
+ * where the first byte is a number and the two subsequent
+ * bytes are alphanumeric. Letters should usually be in
+ * uppercase. Server IDs are not translted between protocols
+ * so a uniform format is generally required.
+ */
+
+struct string SERVER_NAME = STRING("h.learn.tuxiversity.org");
+/*
+ * Our server name. Well-formed DNS, doesn't have to resolve.
+ */
+
+struct string SERVER_FULLNAME = STRING("HaxIRCd");
+/*
+ * Our server description.
+ */
+
+time_t PING_INTERVAL = 60;
+/*
+ * How many seconds between sending PINGs.
+ */
+
+#ifdef USE_GNUTLS
+char GNUTLS_USE_SYSTEM_TRUST = 1;
+char *GNUTLS_CERT_PATH = "/etc/letsencrypt/live/learn.tuxiversity.org/fullchain.pem";
+char *GNUTLS_KEY_PATH = "/etc/letsencrypt/live/learn.tuxiversity.org/privkey.pem";
+#endif
+
+#ifdef USE_OPENSSL
+char OPENSSL_USE_SYSTEM_TRUST = 1;
+char *OPENSSL_CERT_PATH = "/etc/letsencrypt/live/learn.tuxiversity.org/fullchain.pem";
+char *OPENSSL_KEY_PATH = "/etc/letsencrypt/live/learn.tuxiversity.org/privkey.pem";
+#endif
+
+/*
+ * NOTE: We do not check the validity of TLS certificates yet. CertFP
+ * authentication will be added later.
+ */
+
+#ifdef USE_SERVER
+unsigned short SERVER_PORTS[NUM_NET_TYPES][NUM_PROTOCOLS] = {
+#ifdef USE_PLAINTEXT
+#ifdef USE_INSPIRCD2_PROTOCOL
+	[NET_TYPE_PLAINTEXT][INSPIRCD2_PROTOCOL] = 7001,
+#endif
+#ifdef USE_INSPIRCD3_PROTOCOL
+	[NET_TYPE_PLAINTEXT][INSPIRCD3_PROTOCOL] = 7002,
+#endif
+#endif
+#ifdef USE_GNUTLS
+#ifdef USE_INSPIRCD2_PROTOCOL
+	[NET_TYPE_GNUTLS][INSPIRCD2_PROTOCOL] = 7011,
+#endif
+#ifdef USE_INSPIRCD3_PROTOCOL
+	[NET_TYPE_GNUTLS][INSPIRCD3_PROTOCOL] = 7012,
+#endif
+#ifdef USE_INSPIRCD4_PROTOCOL
+	[NET_TYPE_GNUTLS][INSPIRCD4_PROTOCOL] = 7013,
+#endif
+#endif
+#ifdef USE_OPENSSL
+#ifdef USE_INSPIRCD2_PROTOCOL
+	[NET_TYPE_OPENSSL][INSPIRCD2_PROTOCOL] = 7021,
+#endif
+#ifdef USE_INSPIRCD3_PROTOCOL
+	[NET_TYPE_OPENSSL][INSPIRCD3_PROTOCOL] = 7022,
+#endif
+#ifdef USE_INSPIRCD4_PROTOCOL
+	[NET_TYPE_OPENSSL][INSPIRCD4_PROTOCOL] = 7023,
+#endif
+#endif
+};
+
+size_t SERVER_LISTEN[NUM_NET_TYPES][NUM_PROTOCOLS] = {
+#ifdef USE_PLAINTEXT
+#ifdef USE_INSPIRCD2_PROTOCOL
+	[NET_TYPE_PLAINTEXT][INSPIRCD2_PROTOCOL] = 16,
+#endif
+#ifdef USE_INSPIRCD3_PROTOCOL
+	[NET_TYPE_PLAINTEXT][INSPIRCD3_PROTOCOL] = 16,
+#endif
+#ifdef USE_INSPIRCD4_PROTOCOL
+	[NET_TYPE_PLAINTEXT][INSPIRCD4_PROTOCOL] = 16,
+#endif
+#endif
+#ifdef USE_GNUTLS
+#ifdef USE_INSPIRCD2_PROTOCOL
+	[NET_TYPE_GNUTLS][INSPIRCD2_PROTOCOL] = 16,
+#endif
+#ifdef USE_INSPIRCD3_PROTOCOL
+	[NET_TYPE_GNUTLS][INSPIRCD3_PROTOCOL] = 16,
+#endif
+#ifdef USE_INSPIRCD4_PROTOCOL
+	[NET_TYPE_GNUTLS][INSPIRCD4_PROTOCOL] = 16,
+#endif
+#endif
+#ifdef USE_OPENSSL
+#ifdef USE_INSPIRCD2_PROTOCOL
+	[NET_TYPE_OPENSSL][INSPIRCD2_PROTOCOL] = 16,
+#endif
+#ifdef USE_INSPIRCD3_PROTOCOL
+	[NET_TYPE_OPENSSL][INSPIRCD3_PROTOCOL] = 16,
+#endif
+#ifdef USE_INSPIRCD4_PROTOCOL
+	[NET_TYPE_OPENSSL][INSPIRCD4_PROTOCOL] = 16,
+#endif
+#endif
+};
+
+char SERVER_INCOMING[NUM_NET_TYPES][NUM_PROTOCOLS] = {
+#ifdef USE_PLAINTEXT
+#ifdef USE_INSPIRCD2_PROTOCOL
+	[NET_TYPE_PLAINTEXT][INSPIRCD2_PROTOCOL] = 0,
+#endif
+#ifdef USE_INSPIRCD3_PROTOCOL
+	[NET_TYPE_PLAINTEXT][INSPIRCD3_PROTOCOL] = 0,
+#endif
+#ifdef USE_INSPIRCD4_PROTOCOL
+	[NET_TYPE_PLAINTEXT][INSPIRCD4_PROTOCOL] = 0,
+#endif
+#endif
+#ifdef USE_GNUTLS
+#ifdef USE_INSPIRCD2_PROTOCOL
+	[NET_TYPE_GNUTLS][INSPIRCD2_PROTOCOL] = 0,
+#endif
+#ifdef USE_INSPIRCD3_PROTOCOL
+	[NET_TYPE_GNUTLS][INSPIRCD3_PROTOCOL] = 0,
+#endif
+#ifdef USE_INSPIRCD4_PROTOCOL
+	[NET_TYPE_GNUTLS][INSPIRCD4_PROTOCOL] = 0,
+#endif
+#endif
+#ifdef USE_OPENSSL
+#ifdef USE_INSPIRCD2_PROTOCOL
+	[NET_TYPE_OPENSSL][INSPIRCD2_PROTOCOL] = 1,
+#endif
+#ifdef USE_INSPIRCD3_PROTOCOL
+	[NET_TYPE_OPENSSL][INSPIRCD3_PROTOCOL] = 0,
+#endif
+#ifdef USE_INSPIRCD4_PROTOCOL
+	[NET_TYPE_OPENSSL][INSPIRCD4_PROTOCOL] = 0,
+#endif
+#endif
+};
+#endif
+
+#ifdef USE_HAXSERV_PSEUDOCLIENT
+struct string HAXSERV_UID = STRING("2TX000000");
+/* 
+ * The UID of the HaxServ pseudoclient. For compatibility with most
+ * protocols, this should be 9 bytes long, and the first 3 bytes
+ * must match the SID.
+ */
+
+struct string HAXSERV_NICK = STRING("TuxServ");
+struct string HAXSERV_FULLNAME = STRING("TuxServ");
+struct string HAXSERV_IDENT = STRING("TuxServ");
+struct string HAXSERV_VHOST = STRING("services/TuxServ");
+struct string HAXSERV_HOST = STRING("/dev/full");
+struct string HAXSERV_ADDRESS = STRING("/dev/null");
+
+struct string HAXSERV_PREJOIN_CHANNELS[] = {
+	STRING("#chat"),
+	STRING("#services"),
+	STRING("#spam"),
+};
+
+size_t HAXSERV_NUM_PREJOIN_CHANNELS =
+    sizeof(HAXSERV_PREJOIN_CHANNELS) / sizeof(*HAXSERV_PREJOIN_CHANNELS);
+
+struct string HAXSERV_COMMAND_PREFIX = STRING("TuxServ: ");
+
+struct string HAXSERV_REQUIRED_OPER_TYPE = STRING("NetAdmin");
+/*
+ * Which operator class is required to access HaxServ's extended
+ * command set? Note that HaxServ includes dangerous commands such
+ * as raw S2S message injections and SPAM.
+ */
+
+struct string HAXSERV_LOG_CHANNEL = STRING("#services");
+/*
+ * HaxServ logs command usages to a channel. Specify the channel here.
+ */
+#endif
+
+#ifdef USE_PLAINTEXT_BUFFERED
+size_t PLAINTEXT_BUFFERED_LEN = 1048576;
+#endif
+#ifdef USE_GNUTLS_BUFFERED
+size_t GNUTLS_BUFFERED_LEN = 1048576;
+#endif
+#ifdef USE_OPENSSL_BUFFERED
+size_t OPENSSL_BUFFERED_LEN = 1048576;
+#endif
+/*
+ * You may specify the size of the ring buffers for each buffered
+ * network backend here. They must be larger than any full message;
+ * otherwise, undefined behavior occurs.
+ */
+
+#ifdef USE_HAXSERV_PSEUDOCLIENT
+struct string NICKSERV_UID = STRING("2TX000001");
+struct string NICKSERV_NICK = STRING("TuxNickServ");
+struct string NICKSERV_FULLNAME = STRING("Tux's Nickname Services");
+struct string NICKSERV_IDENT = STRING("TuxNickServ");
+struct string NICKSERV_VHOST = STRING("services/TuxNickServ");
+struct string NICKSERV_HOST = STRING("localhost");
+struct string NICKSERV_ADDRESS = STRING("/dev/null");
+struct string SERVICES_CHANNEL = STRING("#services");
+size_t SERVICES_DB_MAX_SIZE = 104857600;
+struct string SERVICES_DB_PATH = STRING("services.mdb");
+#endif
+```