.Dd $Mdocdate$ .Dt SUIKA-CONFIG 5 .Os .Sh NAME .Nm suika-config .Nd Configuration file for suika IRC bouncer .Sh DESCRIPTION The config file has one directive per line Example: listen ircs:// .Pp tls cert.pem key.pem .Pp hostname example.org The following directives are supported: .Bl -tag -width 7n -compact .It listen Listening URI (default: ":6697") The following URIs are supported: .Bl -tag -width 11n -compact .It ircs://[host]:[port] listens with TLS over TCP .It irc+insecure://[host]:[port] listens with plain-text over TCP .It unix:/// listens on a Unix domain socket .It wss://[host]:[port] listens for WebSocket connections over TLS .It ws+insecure://[host]:[port] listens for plain-text WebSocket connections .It ident://[host]:[port] listens for plain-text ident connections .It http+prometheus://[host]:[port] listens for plain-text HTTP connections and serves Prometheus metrics (host must be "localhost") .It http+pprof://[host]:[port] listens for plain-text HTTP connections and serves pprof runtime profiling data (host must be "localhost"). For more information, see: . .El If the scheme is omitted, "ircs" is assumed. If multiple "listen" directives are specified, suika will listen on each of them. .It hostname Server hostname .It title Server title. This will be sent as the ISUPPORT NETWORK value when clients don't select a specific network. .It tls <cert> <key> Enable TLS support. The certificate and key files must be PEM-encoded. .It db <driver> <source> Set the database location for user, network and channel storage. By default, a sqlite3 database is opened in ./suika.db. Supported drivers: .Bl tag -width 7n -compact .It sqlite3 expects source to be a path to the SQLite file .It postgres expects source to be a space- separated list of key=value parameters, e.g. db postgres host=/run/postgresql dbname=suika. Note that sslmode defaults to require. For more information on connection strings, see: <https://pkg.go.dev/github.com/lib/pq#hdr-Connection_String_Parameters> .El .It log fs <path> Path to the bouncer logs directory, or empty to disable logging. By default, logging is disabled. .It http-origin <patterns> List of allowed HTTP origins for WebSocket listeners. The parameters are interpreted as shell patterns, see *glob*(7). By default, only the request host is authorized. Use this directive to enable cross-origin WebSockets. .It accept-proxy-ip <cidr..> Allow the specified IPs to act as a proxy. Proxys have the ability to overwrite the remote and local connection addresses (via the PROXY protocol, the Forwarded HTTP header field defined in RFC 7239 or the X-Forwarded-\* HTTP header fields). The special name "localhost" accepts the loopback addresses 127.0.0.0/8 and ::1/128. By default, all IPs are rejected. .It max-user-networks <limit> Maximum number of networks per user. By default, there is no limit. .It motd <path> Path to the MOTD file. The bouncer MOTD is sent to clients which aren't bound to a specific network. By default, no MOTD is sent. .It multi-upstream-mode <true|false> Globally enable or disable multi-upstream mode. By default, multi-upstream mode is enabled. .It upstream-user-ip <cidr...> Enable per-user IP addresses. One IPv4 range and/or one IPv6 range can be specified in CIDR notation. One IP address per range will be assigned to each user and will be used as the source address when connecting to an upstream network. This can be useful to avoid having the whole bouncer banned from an upstream network because of one malicious user. .El .Sh SEE ALSO .Xr suika 1 .Xr suika-bouncerserv 7 .Sh AUTHORS .An Simon Ser and contributors Aq https://emersion.fr .An Izuru Yakumo Aq Mt yakumo.izuru@chaotic.ninja