suika/doc/suika-config.5
yakumo.izuru bb1a214ab8 See you in Hell, scdoc!
Signed-off-by: Izuru Yakumo <yakumo.izuru@chaotic.ninja>

git-svn-id: file:///srv/svn/repo/suika/trunk@817 f0ae65fe-ee39-954e-97ec-027ff2717ef4
2023-05-02 23:49:50 +00:00


.Dd $Mdocdate$
.Dt SUIKA-CONFIG 5
.Os
.Sh NAME
.Nm suika-config
.Nd Configuration file for suika IRC bouncer
.Sh DESCRIPTION
The config file has one directive per line.
.Pp
Example:
.Bd -literal -offset indent
listen ircs://
tls cert.pem key.pem
hostname example.org
.Ed
.Pp
The following directives are supported:
.Bl -tag -width 7n -compact
.It listen <uri>
Listening URI (default: ":6697").
The following URIs are supported:
.Bl -tag -width 11n -compact
.It ircs://[host]:[port]
listens with TLS over TCP
.It irc+insecure://[host]:[port]
listens with plain-text over TCP
.It unix:///<path>
listens on a Unix domain socket
.It wss://[host]:[port]
listens for WebSocket connections over
TLS
.It ws+insecure://[host]:[port]
listens for plain-text WebSocket
connections
.It ident://[host]:[port]
listens for plain-text ident
connections
.It http+prometheus://[host]:[port]
listens for plain-text HTTP
connections and serves Prometheus
metrics (host must be "localhost").
.It http+pprof://[host]:[port]
listens for plain-text HTTP
connections and serves pprof
runtime profiling data
(host must be "localhost").
For more information, see:
<https://pkg.go.dev/net/http/pprof>.
.El
If the scheme is omitted, "ircs" is assumed.
If multiple "listen" directives are specified,
suika will listen on each of them.
.It hostname <name>
Server hostname
.It title <title>
Server title. This will be sent as
the ISUPPORT NETWORK value when
clients don't select a specific
network.
.It tls <cert> <key>
Enable TLS support. The certificate
and key files must be PEM-encoded.
.It db <driver> <source>
Set the database location for user,
network and channel storage. By
default, a sqlite3 database is
opened in ./suika.db.
Supported drivers:
.Bl -tag -width 7n -compact
.It sqlite3
expects source to be a path to
the SQLite file
.It postgres
expects source to be a
space-separated list of key=value
parameters, e.g. db postgres
host=/run/postgresql
dbname=suika. Note that
sslmode defaults to require.
For more information on
connection strings, see:
<https://pkg.go.dev/github.com/lib/pq#hdr-Connection_String_Parameters>
.El
.It log fs <path>
Path to the bouncer logs directory, or empty to
disable logging. By default, logging is disabled.
.It http-origin <patterns>
List of allowed HTTP origins for WebSocket listeners.
The parameters are interpreted as shell patterns, see
.Xr glob 7 .
By default, only the request host is authorized.
Use this directive to enable cross-origin WebSockets.
.It accept-proxy-ip <cidr...>
Allow the specified IPs to act as a proxy. Proxies have the ability to
overwrite the remote and local connection addresses (via the PROXY protocol,
the Forwarded HTTP header field defined in RFC 7239 or the X-Forwarded-*
HTTP header fields). The special name "localhost" accepts the loopback
addresses 127.0.0.0/8 and ::1/128.
By default, all IPs are rejected.
.It max-user-networks <limit>
Maximum number of networks per user. By default, there is no limit.
.It motd <path>
Path to the MOTD file. The bouncer MOTD is sent to clients which aren't
bound to a specific network. By default, no MOTD is sent.
.It multi-upstream-mode <true|false>
Globally enable or disable multi-upstream mode.
By default, multi-upstream mode is enabled.
.It upstream-user-ip <cidr...>
Enable per-user IP addresses.
One IPv4 range and/or one IPv6 range can be
specified in CIDR notation.
One IP address per range will be assigned to
each user and will be used as the source address when connecting to an
upstream network.
This can be useful to avoid having the whole bouncer banned from an upstream
network because of one malicious user.
.El
.Sh SEE ALSO
.Xr suika 1 ,
.Xr suika-bouncerserv 7
.Sh AUTHORS
.An Simon Ser and contributors Aq https://emersion.fr
.An Izuru Yakumo Aq Mt yakumo.izuru@chaotic.ninja
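
The listener and proxy rules documented under DESCRIPTION, as an added Go example (not part of suika or of this man page): a small linter that flags plain-text listeners bound beyond loopback, http+prometheus and http+pprof listeners whose host is not "localhost", and accept-proxy-ip ranges with a /0 prefix. The names `Audit` and `sample`, the finding strings and the whitespace-only field splitting are assumptions.

```go
package main

import (
	"fmt"
	"net"
	"net/url"
	"strings"
)

// Constructed sample config, not taken from a real deployment.
const sample = `listen irc+insecure://0.0.0.0:6667
listen ws+insecure://127.0.0.1:8080
listen http+pprof://0.0.0.0:6060
accept-proxy-ip localhost 0.0.0.0/0`

// Audit returns one finding per risky directive (assumes whitespace-separated fields).
func Audit(config string) (out []string) {
	loopback := func(h string) bool { return h == "localhost" || net.ParseIP(h).IsLoopback() }
	for n, line := range strings.Split(config, "\n") {
		f := strings.Fields(line)
		if len(f) < 2 {
			continue
		}
		flag := func(msg string) { out = append(out, fmt.Sprintf("line %d: %s", n+1, msg)) }
		switch f[0] {
		case "listen":
			if !strings.Contains(f[1], "://") {
				f[1] = "ircs://" + f[1] // scheme omitted: "ircs" is assumed
			}
			u, err := url.Parse(f[1])
			switch {
			case err != nil:
				flag("unparsable listen URI")
			case strings.HasSuffix(u.Scheme, "+insecure") && !loopback(u.Hostname()):
				flag(u.Scheme + " serves plain text beyond loopback")
			case strings.HasPrefix(u.Scheme, "http+") && u.Hostname() != "localhost":
				flag(u.Scheme + ` host must be "localhost"`)
			}
		case "accept-proxy-ip":
			for _, v := range f[1:] {
				if strings.HasSuffix(v, "/0") { // zero-length prefix matches every address
					flag("accept-proxy-ip " + v + " lets any peer rewrite its address")
				}
			}
		}
	}
	return out
}

func main() { fmt.Println(strings.Join(Audit(sample), "\n")) }
```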