banned/botconfig.py.example
skizzerz 9190a4c859 Rework TLS validation a bit and support SASL EXTERNAL
- Move the config comments to botconfig.py.example where they will be more useful,
  and move the bits in settings.py near the other IRC-related settings.
- Removed support for hash types that aren't SHA-256 as we perform all the hashing on
  our end (doesn't matter what the server does or does not support), and this greatly
  simplifies the code while leaving things secure enough.
- Hardcode a default cipher suite according to mozilla modern standards, as the
  builtin ciphersuite in python may be less secure for older python versions.
- Add support for EXTERNAL auth in SASL, if a client certificate is provided. If this
  fails, it will fall back to PLAIN auth (to account for the case where a cert is added
  to the bot, but has not yet been added to NickServ, so that the bot can connect and add
  it to NickServ via !fsend)
- Redact passwords from console/log output so that asking people to pastebin their
  --verbose output when reporting issues in #lykos is less fraught with peril.
2018-01-10 12:09:10 -07:00


# Connection, identity and authentication settings for the bot.
# The real botconfig.py holds the services password in plain text: keep it readable only by
# the account that runs the bot, and keep it out of version control and pastes.
HOST = "chat.freenode.net"
PORT = 6697 # Conventional IRC-over-TLS port; keep it in step with USE_SSL.
NICK = "mywolfbot"
IDENT = NICK
REALNAME = NICK
USERNAME = "" # Account name for authentication; can be left blank if the same as NICK.
PASS = "my_nickserv_pass" # Placeholder, replace it. Can be None if authenticating with client certificates (see below)
# NOTE(review): SASL EXTERNAL is reportedly tried first when a client certificate is set below,
# falling back to PLAIN (which uses PASS) if that fails - confirm against the connection code.
SASL_AUTHENTICATION = True
# Keep both of these True whenever PASS is set. USE_SSL presumably selects TLS for the connection;
# without TLS the credential crosses the network unencrypted. SSL_VERIFY presumably controls the
# certificate checks described below - confirm in the connection code; with it off the server
# would not be authenticated.
USE_SSL = True
SSL_VERIFY = True
# SHA256 fingerprints of server certificates. Usually not needed, but for extra security
# you may set this. Otherwise, we validate certificates as long as they chain up to a trusted CA.
# If set, CA validation is not considered, and we validate based on the fingerprint alone. If the
# server is using self-signed certificates, you will want to make use of SSL_CERTFP.
# The example below is for freenode; note that certificate fingerprints can and do change over time,
# so manual adjustment may be required if you make use of this setting.
# Example of how to obtain a fingerprint:
# openssl s_client -connect chat.freenode.net:6697 < /dev/null 2>/dev/null | openssl x509 -fingerprint -sha256 -noout -in /dev/stdin
# That command prints the fingerprint of whatever certificate the connection presented, so compare
# the result with a fingerprint published by the network through a separate channel before pinning it.
# The comma at the end is required if there is only one fingerprint.
#SSL_CERTFP = ("51:F4:3A:29:80:49:10:F0:23:5C:5E:F4:3B:0C:0A:6E:D9:42:BF:A1:60:89:4A:28:38:AD:CF:F7:DE:49:B4:16",)
# For authenticating with client certificates, set these options.
# The private key is a credential in its own right: store it so that only the account running
# the bot can read it.
SSL_CERTFILE = None # Client cert file to connect with in PEM format. May contain private key as well.
SSL_KEYFILE = None # Keyfile for the certfile in PEM format
# Channel, command-permission, error-reporting and log-format settings.
CHANNEL = "##mywolfgame"
CMD_CHAR = "!"
# If your server requires a connection password, or your services package expects
# a different format if authenticating to NickServ via the PASS command, modify this.
# "{account}:{password}" should work fine on Atheme-based services packages.
#
# Note: Do not put the account and password here; they will be automatically substituted
# from the USERNAME (or NICK) and PASS variables at the top of the file.
SERVER_PASS = None
# Replace both sample values below before running the bot.
# NOTE(review): the sample OWNERS entry looks like a host cloak and the OWNERS_ACCOUNTS entry like a
# services account name; how each is matched is not visible in this file - confirm before relying
# on them for access control.
OWNERS = ("unaffiliated/wolfbot_admin1",) # The comma is required at the end if there is only one owner.
OWNERS_ACCOUNTS = ("1owner_acc",) # Same single-element tuple rule: keep the trailing comma.
#RULES = "https://werewolf.chat/Freenode:Rules"
# Each entry here exposes a debug-mode command outside debug mode, so list only what is needed.
ALLOWED_NORMAL_MODE_COMMANDS = [] # Debug mode commands to be allowed in normal mode
OWNERS_ONLY_COMMANDS = [] # Commands that should only be allowed for owners, regardless of their original permissions
# NOTE(review): these four appear to switch the named features (reaper, stasis, timers, time lord)
# off while debug mode is active - confirm against the code that reads them.
DISABLE_DEBUG_MODE_REAPER = True
DISABLE_DEBUG_MODE_STASIS = True
DISABLE_DEBUG_MODE_TIMERS = True
DISABLE_DEBUG_MODE_TIME_LORD = False
ALT_CHANNELS = ""
ALLOWED_ALT_CHANNELS_COMMANDS = []
DEV_CHANNEL = "" # Important: Do *not* include the message prefix!
DEV_PREFIX = "" # The prefix to send to the dev channel (e.g. "+" will send to "+#dev-chan")
# NOTE(review): before enabling error reporting on a channel others can read, confirm what error
# text is posted or pastebinned and whether credentials are redacted from it.
PASTEBIN_ERRORS = False # If DEV_CHANNEL is set, errors will be posted there.
LOG_CHANNEL = "" # Log !fwarns to this channel, if set
IGNORE_HIDDEN_COMMANDS = True # Ignore commands sent to @#channel or +#channel
ALLOW_NOTICE_COMMANDS = False # Allow "/notice #channel !command" to be interpreted as a command
ALLOW_PRIVATE_NOTICE_COMMANDS = True # Allow "/notice botnick command" to be interpreted as a command
CHANGING_HOST_QUIT_MESSAGE = "Changing host"
USE_UTC = True # If True, logs will use the UTC time, else local time.
# %Y is the year, %m is the month, %d is the day, %H = hour, %M = minute, and %S = seconds.
# {tzname} and {tzoffset} can both be used - the timezone name (like UTC) and offset (+0000), respectively.
TIMESTAMP_FORMAT = "[%Y-%m-%d %H:%M:%S{tzoffset}]"
# The defaults used by the bot should work on freenode and other networks using Atheme.
#
# An example configuration for Undernet is provided below; if you're running the bot on Undernet,
# you can simply uncomment the following lines. For other networks, you can set the appropriate
# values manually.
#
# Note: Do not put the account and password here; they will be automatically substituted
# from the USERNAME (or NICK) and PASS variables at the top of the file.
#NICKSERV = "x@channels.undernet.org"
#NICKSERV_IDENTIFY_COMMAND = "LOGIN {account} {password}"
#NICKSERV_GHOST_COMMAND = ""
#NICKSERV_RELEASE_COMMAND = ""
#NICKSERV_REGAIN_COMMAND = ""
#CHANSERV = "x@channels.undernet.org"
#CHANSERV_OP_COMMAND = "OP {channel}"
# vim: set ft=python: