From 9bdc509069d0bd39f390769e9dde0aa9d8499b4b Mon Sep 17 00:00:00 2001 From: root Date: Mon, 15 Feb 2021 00:15:13 +0000 Subject: [PATCH] fixed hopm, started moving services to redis --- config/anope/modules.conf | 17 +++++++---------- config/anope/nickserv.conf | 4 ++-- config/anope/services.conf | 27 +++++++++++++-------------- config/hopm/hopm.conf | 29 +++++++---------------------- config/hybrid/general.conf | 20 ++++++++++---------- config/hybrid/hub.auth.conf | 8 ++++++++ config/hybrid/hub.classes.conf | 11 +++++++++++ config/hybrid/hub.conf | 2 ++ config/hybrid/hub.exempt.conf | 1 + config/hybrid/hub.oper.conf | 13 +++++++++++++ hb_hopm/docker-compose.yml | 7 ++++++- hb_hub/docker-compose.yml | 8 ++++++++ hb_mysql/docker-compose.yml | 6 ++---- hb_services/docker-compose.yml | 4 ++-- 14 files changed, 92 insertions(+), 65 deletions(-) diff --git a/config/anope/modules.conf b/config/anope/modules.conf index b2c2acf..fcd8445 100644 --- a/config/anope/modules.conf +++ b/config/anope/modules.conf @@ -1,21 +1,18 @@ module { - name = "help"; + name = "help" } module { - name = "m_mysql" - mysql + name = "m_redis" + redis { - name = "mysql/main" - database = "anope" - server = "100.64.64.130" - username = "root" - password = "" - port = 3306 + name = "redis/main" + ip = "100.64.64.130" + port = 6379 } } module { - name = "m_sasl" + name = "m_sasl" } diff --git a/config/anope/nickserv.conf b/config/anope/nickserv.conf index b626e3e..19784aa 100644 --- a/config/anope/nickserv.conf +++ b/config/anope/nickserv.conf @@ -21,7 +21,7 @@ module modeonid = yes modesonid = "+R" hidenetsplitquit = no - killquick = 20s + killquick = 20s kill = 60s restrictopernicks = no enforceruser = "3nf0rc3r" @@ -464,4 +464,4 @@ command { service = "NickServ"; name = "UPDATE"; command = "nickserv/update"; -} \ No newline at end of file +} diff --git a/config/anope/services.conf b/config/anope/services.conf index 0a2c538..1a42fbd 100644 --- a/config/anope/services.conf 
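Review bot: The new `m_redis` block in config/anope/modules.conf connects to `100.64.64.130:6379` with no credential, so access to the services database depends entirely on who can reach that address. The removed MySQL block used `root` with an empty password, so this is not a regression, but the account data stored there deserves a stated control. I would add a comment above the block such as `# redis/main is unauthenticated: must be reachable only from the services network` and confirm the Redis container sits only on an internal network. Whether this address belongs to the container defined in hb_mysql/docker-compose.yml cannot be verified from the diff, which shows only `100.64.0.6` for it.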
+++ b/config/anope/services.conf @@ -98,7 +98,7 @@ options badpasslimit = 5; badpasstimeout = 1h; updatetimeout = 5m; - hidestatso = yes; + hidestatso = yes; expiretimeout = 30m; readtimeout = 5s; warningtimeout = 4h; @@ -106,7 +106,7 @@ options retrywait = 60s; hideprivilegedcommands = yes; hideregisteredcommands = yes; - languages = "de_DE.UTF-8 el_GR.UTF-8 es_ES.UTF-8 fr_FR.UTF-8 hu_HU.UTF-8 it_IT.UTF-8 nl_NL.UTF-8 pt_PT.UTF-8"; + } include @@ -160,11 +160,11 @@ log override = "chanserv/* nickserv/* memoserv/set ~botserv/set botserv/*"; commands = "~operserv/* *"; servers = "*" - channels = "~mode *"; - users = "oper"; + channels = "~mode *"; + users = "oper"; other = "*"; - rawio = no; - debug = no; + rawio = yes; + debug = yes; } log @@ -215,7 +215,7 @@ oper mail { - usemail = yes; + usemail = yes; sendmailpath = "/usr/sbin/sendmail -t"; sendfrom = "services@localhost.net"; delay = 5m; @@ -252,8 +252,8 @@ mail %N administrators." - memo_subject = "New memo"; - memo_message = "Hi %n, + memo_subject = "New memo"; + memo_message = "Hi %n, You've just received a new memo from %s. This is memo number %d. @@ -262,16 +262,15 @@ mail %t"; } + module { - name = "db_sql_live"; - engine = "mysql/main"; - prefix = "anope_db_"; - import = false; + name = "db_redis"; + engine = "redis/main"; } module { - name = "enc_sha256"; + name = "enc_sha256"; } include diff --git a/config/hopm/hopm.conf b/config/hopm/hopm.conf index 2f115e7..653ca67 100644 --- a/config/hopm/hopm.conf +++ b/config/hopm/hopm.conf 
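Review bot: In the `log` hunk of config/anope/services.conf (`@@ -160,11`), `rawio = yes;` and `debug = yes;` are switched on for a log block whose opening lines are outside the hunk. Raw I/O logging records the server link traffic, which would include the `IDENTIFY` and `REGISTER` messages users send to NickServ, so plaintext passwords end up in the log files. If this was enabled to debug the Redis migration, I would return to `rawio = no;` and `debug = no;` before deployment, or at minimum add `# TEMPORARY: rawio captures user passwords, remove after migration` and restrict who can read the log directory.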
@@ -3,38 +3,31 @@ */ options { - pidfile = "var/run/hopm.pid"; + pidfile = "/dev/shm/hopm.pid"; command_queue_size = 64; command_interval = 10 seconds; command_timeout = 180 seconds; -# negcache = 1 hour; negcache_rebuild = 12 hours; dns_fdlimit = 102400; dns_timeout = 5 seconds; -# scanlog = "var/log/scan.log"; }; irc { -# vhost = "0.0.0.0"; nick = "SCANNER"; realname = "n3tw3rk 1ns3cur1ty c0rp pr0xy sc4nn3r"; username = "sc4nn3r"; - server = "irc.example.org"; - password = "password"; + server = "100.64.64.66"; port = 6667; tls = no; -# rsa_private_key_file = "etc/rsa.key"; -# tls_certificate_file = "etc/cert.pem"; tls_hostname_verification = yes; readtimeout = 15 minutes; reconnectinterval = 30 seconds; -# nickserv = "NS IDENTIFY password"; - oper = "hopm operpass"; + nickserv = "NS IDENTIFY password"; + oper = "hopm password"; mode = "+c"; away = "go privmsg someone else"; channel { name = "#hopm"; -# key = "somekey"; invite = "CS INVITE #hopm"; }; @@ -98,10 +91,6 @@ opm { kline = "KLINE 180 *@%i :TOR exit node found"; }; -# dnsbl_from = "mybopm@myserver.org"; -# dnsbl_to = "bopm-report@dronebl.org"; -# sendmail = "/usr/sbin/sendmail"; - }; scanner { @@ -111,17 +100,12 @@ scanner { protocol = HTTP:8080; protocol = HTTP:3128; protocol = HTTP:6588; -# protocol = HTTPS:443; -# protocol = HTTPS:8443; protocol = SOCKS4:1080; protocol = SOCKS5:1080; protocol = ROUTER:23; protocol = WINGATE:23; protocol = DREAMBOX:23; protocol = HTTPPOST:80; -# protocol = HTTPSPOST:443; -# protocol = HTTPSPOST:8443; -# vhost = "127.0.0.1"; fd = 102400; max_read = 4 kbytes; timeout = 30 seconds; @@ -195,12 +179,11 @@ scanner { }; user { - mask = "*!*@*"; + mask = "*!*@"; scanner = "default"; }; user { -# mask = "*!~*@*"; mask = "*!squid@*"; mask = "*!nobody@*"; mask = "*!www-data@*"; @@ -215,4 +198,6 @@ user { exempt { mask = "*!*@127.0.0.1"; + mask = "*!*@*.n3tw3rk.1ns3cur1ty.c0rp"; + mask = "*!*@100.64.0.0/17"; }; 
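Review bot: The `irc` block in config/hopm/hopm.conf now activates `nickserv = "NS IDENTIFY password";` and `oper = "hopm password";`, which puts usable credentials into the repository; the oper value matches the plaintext `password = "password";` of the `hopm` operator added in config/hybrid/hub.oper.conf. With `tls = no;` both strings also travel unencrypted to `100.64.64.66`. I would keep only placeholders in the tracked file and supply real values at deploy time, for example `oper = "hopm <OPER_PASSWORD_FROM_SECRET>";`. A short comment that `tls_hostname_verification = yes;` presumably has no effect while `tls = no;` would prevent a false sense of protection.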
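Review bot: In the first `user` block (`@@ -195,12`), the mask changes from `*!*@*` to `*!*@`, which no longer has a wildcard for the host part and so most likely matches no connecting client. If that is the case the `default` scanner never runs, and only the second `user` block (`squid`, `nobody`, `www-data`, …) still triggers scans, which silently removes most of the proxy detection. This looks like a dropped character; I would restore `mask = "*!*@*";` and leave it to the `exempt` block to skip internal hosts.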
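Review bot: The added `mask = "*!*@100.64.0.0/17";` in the `exempt` block (`@@ -215,4`) is probably not read as a CIDR range; as far as I know HOPM compares exempt masks as wildcard strings against the client's host and IP, so this line may match nothing, which should be confirmed against the HOPM version in use. The other new mask, `*!*@*.n3tw3rk.1ns3cur1ty.c0rp`, exempts any client presenting that suffix, which is safe only if such hostnames can be obtained solely through server-side `spoof` entries. I would express the address exemption as explicit wildcard masks for the intended networks and add a comment naming which networks are meant to bypass scanning.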
diff --git a/config/hybrid/general.conf b/config/hybrid/general.conf index 62eb586..0d9b887 100755 --- a/config/hybrid/general.conf +++ b/config/hybrid/general.conf @@ -44,18 +44,18 @@ connect { accept_password = "password"; encrypted = no; class = "hub"; - hub_mask = "*"; - flags = autoconn; + hub_mask = "*"; + flags = autoconn; }; listen { - host = "100.64.65.162"; # Console - port = 6665; - host = "100.64.64.3"; # Hub - port = 7000; - host = "100.64.48.10"; # Public - port = 6667; - host = "2001:470:dc7b:11::2"; # Public IPv6 - port = 6667; + host = "100.64.65.162"; # Console + port = 6665; + host = "100.64.64.3"; # Hub + port = 7000; + host = "100.64.48.10"; # Public + port = 6667; + host = "2001:470:dc7b:11::2"; # Public IPv6 + port = 6667; }; diff --git a/config/hybrid/hub.auth.conf b/config/hybrid/hub.auth.conf index f5275d9..f73972c 100644 --- a/config/hybrid/hub.auth.conf +++ b/config/hybrid/hub.auth.conf @@ -12,6 +12,14 @@ auth { xline_exempt, resv_exempt, can_flood, no_tilde; }; +auth { + spoof = "h0pm.n3tw3rk.1ns3cur1ty.c0rp"; + user = "*@100.64.64.67"; + class = "hopm_scanner"; + flags = need_password, exceed_limit, kline_exempt, + xline_exempt, resv_exempt, can_flood, no_tilde; +}; + auth { spoof = "c0ns0l3.n3tw3rk.1ns3cur1ty.c0rp"; user = "*@*"; diff --git a/config/hybrid/hub.classes.conf b/config/hybrid/hub.classes.conf index 49ffe22..a75c533 100644 --- a/config/hybrid/hub.classes.conf +++ b/config/hybrid/hub.classes.conf @@ -24,6 +24,17 @@ class { max_idle = 1000 years; }; +class { + name = "hopm_scanner"; + ping_time = 2 seconds; + number_per_ip_local = 1; + max_number = 10240; + sendq = 1 megabyte; + max_channels = 60; + max_idle = 1000 years; +}; + + class { name = "tor_edge_hub"; ping_time = 2 seconds; diff --git a/config/hybrid/hub.conf b/config/hybrid/hub.conf index 976689f..e72b4d8 100755 --- a/config/hybrid/hub.conf +++ b/config/hybrid/hub.conf 
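Review bot: The new `auth` block for `*@100.64.64.67` in config/hybrid/hub.auth.conf lists `need_password` but defines no `password`, and the same commit removes the `password` line from hopm.conf, so the scanner identity appears to be granted on source address alone. That block carries `exceed_limit, kline_exempt, xline_exempt, resv_exempt, can_flood`, so anything able to connect from that address inherits all of them. I would add `password = "<HASHED_PASSWORD>";` with `encrypted = yes;` to the block and restore the matching `password` in hopm.conf, or drop the flags HOPM does not need. In config/hybrid/hub.classes.conf the new `hopm_scanner` class allows `max_number = 10240;` for what is a single bot, and a small value would bound misuse of the class better.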
@@ -107,6 +107,8 @@ connect { }; listen { + host = "100.64.64.66"; # HOPM + port = 6667; host = "100.64.64.42"; # Oper bouncer port = 6666; host = "100.64.64.50"; # Console diff --git a/config/hybrid/hub.exempt.conf b/config/hybrid/hub.exempt.conf index a9aaebe..249d6f4 100644 --- a/config/hybrid/hub.exempt.conf +++ b/config/hybrid/hub.exempt.conf @@ -13,4 +13,5 @@ exempt { ip = "100.64.64.40/29"; ip = "100.64.64.48/29"; ip = "100.64.64.56/29"; + ip = "100.64.64.64/29"; }; \ No newline at end of file diff --git a/config/hybrid/hub.oper.conf b/config/hybrid/hub.oper.conf index 6828201..fa0a06d 100644 --- a/config/hybrid/hub.oper.conf +++ b/config/hybrid/hub.oper.conf @@ -16,6 +16,19 @@ operator { kline, module, rehash, restart, set, unkline, unxline, xline; }; +operator { + name = "hopm"; + user = "*@h0pm.n3tw3rk.1ns3cur1ty.c0rp"; + password = "password"; + whois = "I'm too lame to read BitchX.doc"; + class = "hopm_scanner"; + encrypted = no; + umodes = locops, servnotice, wallop, softcallerid, hidden, + invisible, external, debug, rej, skill, hideidle, + wallop, expiration; + flags = admin, connect, connect:remote, die, globops, kill, kill:remote, + kline, module, rehash, restart, set, unkline, unxline, xline; +}; operator { name = "external_hub_operator"; diff --git a/hb_hopm/docker-compose.yml b/hb_hopm/docker-compose.yml index 701cd70..0396bf2 100755 --- a/hb_hopm/docker-compose.yml +++ b/hb_hopm/docker-compose.yml @@ -8,6 +8,9 @@ networks: driver: default config: - subnet: 100.64.48.24/30 + hub: + external: + name: hb_hub_hopm services: hopm: @@ -17,7 +20,7 @@ services: context: ../hopm dockerfile: Dockerfile image: hopm:latest - command: "/usr/local/hopm/bin/hopm" + command: "/usr/local/hopm/bin/hopm -c hopm -d" environment: LANG: en_US.utf8 TZ: UTC @@ -29,6 +32,8 @@ services: networks: default: ipv4_address: 100.64.48.26 + hub: + ipv4_address: 100.64.64.67 volumes: - type: volume source: ephemeral 
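Review bot: The new `hopm` operator in config/hybrid/hub.oper.conf receives the full flag list, including `admin`, `die`, `module`, `rehash`, `restart`, `set` and `connect:remote`, behind `password = "password";` with `encrypted = no;`. A proxy scanner only has to see connection notices and place bans, so a guessed or leaked credential would hand over control of the hub with no operational benefit in return. I would reduce the block to `flags = kline;`, adding others only when shown to be necessary, and store the password as a hash with `encrypted = yes;`. The `user = "*@h0pm.n3tw3rk.1ns3cur1ty.c0rp";` restriction is only as strong as the `auth` block in hub.auth.conf that assigns that spoof.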
diff --git a/hb_hub/docker-compose.yml b/hb_hub/docker-compose.yml index 59b5faa..0681251 100644 --- a/hb_hub/docker-compose.yml +++ b/hb_hub/docker-compose.yml @@ -58,6 +58,12 @@ networks: config: - subnet: 100.64.64.56/29 internal: true + hopm: + ipam: + driver: default + config: + - subnet: 100.64.64.64/29 + internal: true services: hub: @@ -95,6 +101,8 @@ services: ipv4_address: 100.64.64.50 tor_edge_hub: ipv4_address: 100.64.64.58 + hopm: + ipv4_address: 100.64.64.66 volumes: - type: volume source: ephemeral diff --git a/hb_mysql/docker-compose.yml b/hb_mysql/docker-compose.yml index 35b169f..b9068cd 100644 --- a/hb_mysql/docker-compose.yml +++ b/hb_mysql/docker-compose.yml @@ -25,9 +25,7 @@ services: mysql: restart: unless-stopped hostname: mysql.n3tw3rk.1ns3cur1ty.c0rp - image: mariadb:latest - environment: - MYSQL_ALLOW_EMPTY_PASSWORD: "yes" + image: redis networks: default: ipv4_address: 100.64.0.6 @@ -38,7 +36,7 @@ services: volumes: - type: volume source: ephemeral - target: /var/lib/mysql + target: /data volume: nocopy: false ulimits: diff --git a/hb_services/docker-compose.yml b/hb_services/docker-compose.yml index 25d3d92..ae9679f 100644 --- a/hb_services/docker-compose.yml +++ b/hb_services/docker-compose.yml @@ -25,8 +25,8 @@ services: services: restart: unless-stopped hostname: s3rv1c3z.n3tw3rk.1ns3cur1ty.c0rp -# image: anope/anope:2.0.6 - image: anope/anope:latest + image: anope/anope:2.0.8 +# image: anope/anope:latest environment: LANG: en_US.utf8 TZ: UTC
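Review bot: In hb_mysql/docker-compose.yml the image becomes `image: redis`, an unpinned tag, while the same commit pins Anope to `anope/anope:2.0.8`; I would pin Redis the same way, e.g. `image: redis:<PINNED_VERSION>`. The official image starts without a password and, to my knowledge, with protected mode off, so this service should be attached to internal networks only; the networks section is only partly visible in this hunk, so that cannot be confirmed here. The service and hostname are still called `mysql`, which will mislead anyone auditing what listens at `100.64.0.6`; a rename or a comment such as `# redis (service name kept for compatibility)` would help.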