playbook/auth.j2

/* auth {}: allow users to connect to the ircd (OLD I:)
 * auth {} blocks MUST be specified in order of precedence.  The first one
 * that matches a user will be used.  So place spoofs first, then specials,
 * then general access, then restricted.
 */
auth {
        /* user: the user@host allowed to connect.  Multiple IPv4/IPv6 user
         * lines are permitted per auth block.  This is matched against the
         * hostname and IP address (using :: shortening for IPv6 and
         * prepending a 0 if it starts with a colon) and can also use CIDR
         * masks.
         */
        user = "*@198.51.100.0/24";
        user = "*test@2001:db8:1:*";

        /* password: an optional password that is required to use this block.
         * By default this is not encrypted, specify the flag "encrypted" in
         * flags = ...; below if it is.
         */
        password = "letmein";
       /* spoof: fake the users user@host to be be this.  You may either
         * specify a host or a user@host to spoof to.  This is free-form,
         * just do everyone a favour and dont abuse it. (OLD I: = flag)
         */
        spoof = "I.still.hate.packets";

        /* Possible flags in auth:
         *
         * encrypted                  | password is encrypted with mkpasswd
         * spoof_notice               | give a notice when spoofing hosts
         * exceed_limit (old > flag)  | allow user to exceed class user limits
         * kline_exempt (old ^ flag)  | exempt this user from k/g/xlines,
         *                            | dnsbls, and proxies
         * proxy_exempt               | exempt this user from proxies
         * dnsbl_exempt               | exempt this user from dnsbls
         * spambot_exempt             | exempt this user from spambot checks
         * shide_exempt               | exempt this user from serverhiding
         * jupe_exempt                | exempt this user from generating
         *                              warnings joining juped channels
         * resv_exempt                | exempt this user from resvs
         * flood_exempt               | exempt this user from flood limits
         *                              USE WITH CAUTION.
         * no_tilde     (old - flag)  | don't prefix ~ to username if no ident
         * need_ident   (old + flag)  | require ident for user in this class
         * need_ssl                   | require SSL/TLS for user in this class
         * need_sasl                  | require SASL id for user in this class
         */
        flags = kline_exempt, exceed_limit;
        class = "opers";
};

auth {
	user = "*@024-196-237-116.res.spectrum.com";
	user = "*@2600:6c5a:517f:e075::/64";

	#password = "letmein";

	spoof = "click.click.manokit";

	/* Possible flags in auth:
	 *
	 * encrypted		  | password is encrypted with mkpasswd
	 * spoof_notice	       | give a notice when spoofing hosts
	 * exceed_limit (old > flag)  | allow user to exceed class user limits
	 * kline_exempt (old ^ flag)  | exempt this user from k/g/xlines,
	 *			    | dnsbls, and proxies
	 * proxy_exempt	       | exempt this user from proxies
	 * dnsbl_exempt	       | exempt this user from dnsbls
	 * spambot_exempt	     | exempt this user from spambot checks
	 * shide_exempt	       | exempt this user from serverhiding
	 * jupe_exempt		| exempt this user from generating
	 *			      warnings joining juped channels
	 * resv_exempt		| exempt this user from resvs
	 * flood_exempt	       | exempt this user from flood limits
	 *			      USE WITH CAUTION.
	 * no_tilde     (old - flag)  | don't prefix ~ to username if no ident
	 * need_ident   (old + flag)  | require ident for user in this class
	 * need_ssl		   | require SSL/TLS for user in this class
	 * need_sasl		  | require SASL id for user in this class
	 */
	#flags = flood_exempt;
	class = "users";
};

auth {
	user = "*@localhost";
	user = "*@localhost.bellz.org";
	user = "*@127.0.0.*";

	/* spoof: fake the users user@host to be be this.  You may either
	 * specify a host or a user@host to spoof to.  This is free-form,
	 * just do everyone a favour and dont abuse it. (OLD I: = flag)
	 */
	spoof = "gateway/tor/account";

	/* Possible flags in auth:
	 *
	 * encrypted		  | password is encrypted with mkpasswd
	 * spoof_notice	       | give a notice when spoofing hosts
	 * exceed_limit (old > flag)  | allow user to exceed class user limits
	 * kline_exempt (old ^ flag)  | exempt this user from k/g/xlines,
	 *			    | dnsbls, and proxies
	 * proxy_exempt	       | exempt this user from proxies
	 * dnsbl_exempt	       | exempt this user from dnsbls
	 * spambot_exempt	     | exempt this user from spambot checks
	 * shide_exempt	       | exempt this user from serverhiding
	 * jupe_exempt		| exempt this user from generating
	 *			      warnings joining juped channels
	 * resv_exempt		| exempt this user from resvs
	 * flood_exempt	       | exempt this user from flood limits
	 *			      USE WITH CAUTION.
	 * no_tilde     (old - flag)  | don't prefix ~ to username if no ident
	 * need_ident   (old + flag)  | require ident for user in this class
	 * need_ssl		   | require SSL/TLS for user in this class
	 * need_sasl		  | require SASL id for user in this class
	 */
	flags = dnsbl_exempt;
	class = "users";
};

auth {
	user = "*@*";
	class = "users";
};