From 1a5dce62a3d99d5f59a95a0056439d0e344aa898 Mon Sep 17 00:00:00 2001
From: Runxi Yu
Date: Thu, 25 Jul 2024 08:00:00 +0800
Subject: Configuing and Building HaxIRCd
---
 config.md | 333 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 333 insertions(+)
 create mode 100644 config.md
diff --git a/config.md b/config.md
new file mode 100644
index 0000000..772c1c6
--- /dev/null
+++ b/config.md
@@ -0,0 +1,333 @@
+---
+title: Configuring and Building HaxIRCd
+---
+
+# `.makeopts`
+```makefile
+LAST_PLAINTEXT_CLIENT =
+LAST_PLAINTEXT_SERVER = 1
+LAST_GNUTLS_CLIENT =
+LAST_GNUTLS_SERVER =
+LAST_OPENSSL_CLIENT =
+LAST_OPENSSL_SERVER = 1
+LAST_PLAINTEXT_BUFFERED_CLIENT =
+LAST_PLAINTEXT_BUFFERED_SERVER = 1
+LAST_GNUTLS_BUFFERED_CLIENT =
+LAST_GNUTLS_BUFFERED_SERVER =
+LAST_OPENSSL_BUFFERED_CLIENT =
+LAST_OPENSSL_BUFFERED_SERVER = 1
+LAST_INSPIRCD2_PROTOCOL = 1
+LAST_INSPIRCD3_PROTOCOL = 1
+LAST_INSPIRCD4_PROTOCOL = 1
+LAST_HAXSERV_PSEUDOCLIENT = 1
+LAST_SERVICES_PSEUDOCLIENT = 1
+LAST_SAFE_STACK = 1
+LAST_FUTEX = 1
+LAST_MISERABLE_SPINLOCKS =
+LAST_ATOMICS = 1
+LAST_IPv6 = 1
+LAST_CFLAGS =
+LAST_CC = cc
+```
+
+# `config.c`
+```c
+#include
+
+#include "config.h"
+#include "general_network.h"
+#include "protocols.h"
+
+#ifdef USE_SERVER
+#include "server_network.h"
+#endif
+
+#ifdef USE_SERVER
+struct server_config SERVER_CONFIG[] = {
+ {
+ .name = STRING("peer.server.name"),
+ /*
+ * The name of the remote server. Must be in a valid DNS format,
+ * but doesn't have to resolve.
+ */
+
+ .sid = STRING("1UL"),
+ /*
+ * The server ID of the remote server. The format depends on the
+ * protocol, but most protocols expect a three-byte string,
+ * where the first byte is a number and the two subsequent
+ * bytes are alphanumeric. Letters should usually be in
+ * uppercase. Server IDs are not translted between protocols
+ * so a uniform format is generally required.
+ */
+
+ .in_pass = STRING("password-to-expect-from-peer"),
+ .out_pass = STRING("password-to-send-to-peer"),
+ /*
+ * Passwords, should be self-explanatory.
+ */
+
+ .protocol = INSPIRCD4_PROTOCOL,
+ /*
+ * Which protocol to use. Currently, only InspIRCd protocols are
+ * supported. A custom HaxIRCd binary protocol is planned, and
+ * support for TS6, UnrealIRCd, and other protocols may be added.
+ *
+ * INSPIRCD4_PROTOCOL: the 1206 protocol native to InspIRCd v4
+ * INSPIRCD3_PROTOCOL: the 1205 protocol native to InspIRCd v3
+ * INSPIRCD2_PROTOCOL: the 1202 protocol native to InspIRCd v2
+ */
+
+ .ignore_remote_unlinks = 0,
+ .ignore_remote_kills = 1,
+ .ignore_local_kills = 1,
+
+ .autoconnect = 1,
+ .autoconnect_type = NET_TYPE_PLAINTEXT,
+ /*
+ * TLS links are highly recommended if not connecting to localhost
+ * or otherwise over a secure channel such as WireGuard. Although
+ * GnuTLS is supported, the primary developers use OpenSSL, and
+ * OpenSSL is more common anyways.
+ * Buffering is also highly recommended as it measurably improves
+ * performance.
+ *
+ * NET_TYPE_PLAINTEXT: Plain TCP link
+ * NET_TYPE_GNUTLS: GnuTLS link
+ * NET_TYPE_OPENSSL: OpenSSL link
+ * NET_TYPE_PLAINTEXT_BUFFERED: Plain TCP link with buffering
+ * NET_TYPE_GNUTLS_BUFFERED: GnuTLS link with buffering
+ * NET_TYPE_OPENSSL_BUFFERED: OpenSSL link with buffering
+ */
+
+ .address = STRING("127.0.0.1"),
+ /*
+ * The address to connect to, either as an IP address or as a domain
+ * name.
+ * If it is possible that getaddrinfo(3) returns an IPv6 address, or
+ * if an IPv6 address is specified directly, then IPv6 MUST be
+ * enabled; otherwise the behavior is undefined.
+ */
+
+ .port = STRING("7000"),
+ },
+};
+
+size_t SERVER_CONFIG_LEN = sizeof(SERVER_CONFIG) / sizeof(*SERVER_CONFIG);
+#endif
+
+struct string SID = STRING("2TX");
+/*
+ * Our own server ID. Most protocols expect a three-byte string,
+ * where the first byte is a number and the two subsequent
+ * bytes are alphanumeric. Letters should usually be in
+ * uppercase. Server IDs are not translted between protocols
+ * so a uniform format is generally required.
+ */
+
+struct string SERVER_NAME = STRING("h.learn.tuxiversity.org");
+/*
+ * Our server name. Well-formed DNS, doesn't have to resolve.
+ */
+
+struct string SERVER_FULLNAME = STRING("HaxIRCd");
+/*
+ * Our server description.
+ */
+
+time_t PING_INTERVAL = 60;
+/*
+ * How many seconds between sending PINGs.
+ */
+
+#ifdef USE_GNUTLS
+char GNUTLS_USE_SYSTEM_TRUST = 1;
+char *GNUTLS_CERT_PATH = "/etc/letsencrypt/live/learn.tuxiversity.org/fullchain.pem";
+char *GNUTLS_KEY_PATH = "/etc/letsencrypt/live/learn.tuxiversity.org/privkey.pem";
+#endif
+
+#ifdef USE_OPENSSL
+char OPENSSL_USE_SYSTEM_TRUST = 1;
+char *OPENSSL_CERT_PATH = "/etc/letsencrypt/live/learn.tuxiversity.org/fullchain.pem";
+char *OPENSSL_KEY_PATH = "/etc/letsencrypt/live/learn.tuxiversity.org/privkey.pem";
+#endif
+
+/*
+ * NOTE: We do not check the validity of TLS certificates yet. CertFP
+ * authentication will be added later.
+ */
+
+#ifdef USE_SERVER
+unsigned short SERVER_PORTS[NUM_NET_TYPES][NUM_PROTOCOLS] = {
+#ifdef USE_PLAINTEXT
+#ifdef USE_INSPIRCD2_PROTOCOL
+ [NET_TYPE_PLAINTEXT][INSPIRCD2_PROTOCOL] = 7001,
+#endif
+#ifdef USE_INSPIRCD3_PROTOCOL
+ [NET_TYPE_PLAINTEXT][INSPIRCD3_PROTOCOL] = 7002,
+#endif
+#endif
+#ifdef USE_GNUTLS
+#ifdef USE_INSPIRCD2_PROTOCOL
+ [NET_TYPE_GNUTLS][INSPIRCD2_PROTOCOL] = 7011,
+#endif
+#ifdef USE_INSPIRCD3_PROTOCOL
+ [NET_TYPE_GNUTLS][INSPIRCD3_PROTOCOL] = 7012,
+#endif
+#ifdef USE_INSPIRCD4_PROTOCOL
+ [NET_TYPE_GNUTLS][INSPIRCD4_PROTOCOL] = 7013,
+#endif
+#endif
+#ifdef USE_OPENSSL
+#ifdef USE_INSPIRCD2_PROTOCOL
+ [NET_TYPE_OPENSSL][INSPIRCD2_PROTOCOL] = 7021,
+#endif
+#ifdef USE_INSPIRCD3_PROTOCOL
+ [NET_TYPE_OPENSSL][INSPIRCD3_PROTOCOL] = 7022,
+#endif
+#ifdef USE_INSPIRCD4_PROTOCOL
+ [NET_TYPE_OPENSSL][INSPIRCD4_PROTOCOL] = 7023,
+#endif
+#endif
+};
+
+size_t SERVER_LISTEN[NUM_NET_TYPES][NUM_PROTOCOLS] = {
+#ifdef USE_PLAINTEXT
+#ifdef USE_INSPIRCD2_PROTOCOL
+ [NET_TYPE_PLAINTEXT][INSPIRCD2_PROTOCOL] = 16,
+#endif
+#ifdef USE_INSPIRCD3_PROTOCOL
+ [NET_TYPE_PLAINTEXT][INSPIRCD3_PROTOCOL] = 16,
+#endif
+#ifdef USE_INSPIRCD4_PROTOCOL
+ [NET_TYPE_PLAINTEXT][INSPIRCD4_PROTOCOL] = 16,
+#endif
+#endif
+#ifdef USE_GNUTLS
+#ifdef USE_INSPIRCD2_PROTOCOL
+ [NET_TYPE_GNUTLS][INSPIRCD2_PROTOCOL] = 16,
+#endif
+#ifdef USE_INSPIRCD3_PROTOCOL
+ [NET_TYPE_GNUTLS][INSPIRCD3_PROTOCOL] = 16,
+#endif
+#ifdef USE_INSPIRCD4_PROTOCOL
+ [NET_TYPE_GNUTLS][INSPIRCD4_PROTOCOL] = 16,
+#endif
+#endif
+#ifdef USE_OPENSSL
+#ifdef USE_INSPIRCD2_PROTOCOL
+ [NET_TYPE_OPENSSL][INSPIRCD2_PROTOCOL] = 16,
+#endif
+#ifdef USE_INSPIRCD3_PROTOCOL
+ [NET_TYPE_OPENSSL][INSPIRCD3_PROTOCOL] = 16,
+#endif
+#ifdef USE_INSPIRCD4_PROTOCOL
+ [NET_TYPE_OPENSSL][INSPIRCD4_PROTOCOL] = 16,
+#endif
+#endif
+};
+
+char SERVER_INCOMING[NUM_NET_TYPES][NUM_PROTOCOLS] = {
+#ifdef USE_PLAINTEXT
+#ifdef USE_INSPIRCD2_PROTOCOL
+ [NET_TYPE_PLAINTEXT][INSPIRCD2_PROTOCOL] = 0,
+#endif
+#ifdef USE_INSPIRCD3_PROTOCOL
+ [NET_TYPE_PLAINTEXT][INSPIRCD3_PROTOCOL] = 0,
+#endif
+#ifdef USE_INSPIRCD4_PROTOCOL
+ [NET_TYPE_PLAINTEXT][INSPIRCD4_PROTOCOL] = 0,
+#endif
+#endif
+#ifdef USE_GNUTLS
+#ifdef USE_INSPIRCD2_PROTOCOL
+ [NET_TYPE_GNUTLS][INSPIRCD2_PROTOCOL] = 0,
+#endif
+#ifdef USE_INSPIRCD3_PROTOCOL
+ [NET_TYPE_GNUTLS][INSPIRCD3_PROTOCOL] = 0,
+#endif
+#ifdef USE_INSPIRCD4_PROTOCOL
+ [NET_TYPE_GNUTLS][INSPIRCD4_PROTOCOL] = 0,
+#endif
+#endif
+#ifdef USE_OPENSSL
+#ifdef USE_INSPIRCD2_PROTOCOL
+ [NET_TYPE_OPENSSL][INSPIRCD2_PROTOCOL] = 1,
+#endif
+#ifdef USE_INSPIRCD3_PROTOCOL
+ [NET_TYPE_OPENSSL][INSPIRCD3_PROTOCOL] = 0,
+#endif
+#ifdef USE_INSPIRCD4_PROTOCOL
+ [NET_TYPE_OPENSSL][INSPIRCD4_PROTOCOL] = 0,
+#endif
+#endif
+};
+#endif
+
+#ifdef USE_HAXSERV_PSEUDOCLIENT
+struct string HAXSERV_UID = STRING("2TX000000");
+/*
+ * The UID of the HaxServ pseudoclient. For compatibility with most
+ * protocols, this should be 9 bytes long, and the first 3 bytes
+ * must match the SID.
+ */
+
+struct string HAXSERV_NICK = STRING("TuxServ");
+struct string HAXSERV_FULLNAME = STRING("TuxServ");
+struct string HAXSERV_IDENT = STRING("TuxServ");
+struct string HAXSERV_VHOST = STRING("services/TuxServ");
+struct string HAXSERV_HOST = STRING("/dev/full");
+struct string HAXSERV_ADDRESS = STRING("/dev/null");
+
+struct string HAXSERV_PREJOIN_CHANNELS[] = {
+ STRING("#chat"),
+ STRING("#services"),
+ STRING("#spam"),
+};
+
+size_t HAXSERV_NUM_PREJOIN_CHANNELS =
+ sizeof(HAXSERV_PREJOIN_CHANNELS) / sizeof(*HAXSERV_PREJOIN_CHANNELS);
+
+struct string HAXSERV_COMMAND_PREFIX = STRING("TuxServ: ");
+
+struct string HAXSERV_REQUIRED_OPER_TYPE = STRING("NetAdmin");
+/*
+ * Which operator class is required to access HaxServ's extended
+ * command set? Note that HaxServ includes dangerous commands such
+ * as raw S2S message injections and SPAM.
+ */
+
+struct string HAXSERV_LOG_CHANNEL = STRING("#services");
+/*
+ * HaxServ logs command usages to a channel. Specify the channel here.
+ */
+#endif
+
+#ifdef USE_PLAINTEXT_BUFFERED
+size_t PLAINTEXT_BUFFERED_LEN = 1048576;
+#endif
+#ifdef USE_GNUTLS_BUFFERED
+size_t GNUTLS_BUFFERED_LEN = 1048576;
+#endif
+#ifdef USE_OPENSSL_BUFFERED
+size_t OPENSSL_BUFFERED_LEN = 1048576;
+#endif
+/*
+ * You may specify the size of the ring buffers for each buffered
+ * network backend here. They must be larger than any full message;
+ * otherwise, undefined behavior occurs.
+ */
+
+#ifdef USE_HAXSERV_PSEUDOCLIENT
+struct string NICKSERV_UID = STRING("2TX000001");
+struct string NICKSERV_NICK = STRING("TuxNickServ");
+struct string NICKSERV_FULLNAME = STRING("Tux's Nickname Services");
+struct string NICKSERV_IDENT = STRING("TuxNickServ");
+struct string NICKSERV_VHOST = STRING("services/TuxNickServ");
+struct string NICKSERV_HOST = STRING("localhost");
+struct string NICKSERV_ADDRESS = STRING("/dev/null");
+struct string SERVICES_CHANNEL = STRING("#services");
+size_t SERVICES_DB_MAX_SIZE = 104857600;
+struct string SERVICES_DB_PATH = STRING("services.mdb");
+#endif
+```
--
cgit v1.2.3
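Review bot: In the sample `config.c`, the only warning that TLS certificates are not validated is the short NOTE after the `OPENSSL_*` paths, while the `.autoconnect_type` comment recommends TLS links and `GNUTLS_USE_SYSTEM_TRUST`/`OPENSSL_USE_SYSTEM_TRUST` are set to 1, so a reader can easily assume peers are authenticated. Until CertFP lands, `.in_pass`/`.out_pass` appear to be the only peer authentication, and an unverified TLS link protects them only against passive eavesdropping. I would add to the `.autoconnect_type` comment a line such as `* Certificates are not validated yet, so TLS alone does not authenticate the peer; keep links on localhost or a trusted tunnel where possible.` Separately, `SERVER_PORTS` has no `[NET_TYPE_PLAINTEXT][INSPIRCD4_PROTOCOL]` entry although `SERVER_LISTEN` and `SERVER_INCOMING` do, which looks like an omission in the example.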