Files
Civ/ansible/files/gamma-config/plugins/BanStick/config.yml
2025-08-15 04:55:25 +01:00

170 lines
7.4 KiB
YAML

# Define here the database connection primitives.
# poolsize: How many connections to maintain at maximum
# connectionTimeout: In milliseconds, how long to wait for replies before timing out
# idleTimeout: In milliseconds, how long to let a connection stay open, idle
# maxLifetime: In milliseconds, how long to keep a connection in the pool
database:
host: ${CIV_MYSQL_HOST}
port: 3306
database: banstick # shared (TODO is this safe?)
user: ${CIV_MYSQL_USERNAME}
password: ${CIV_MYSQL_PASSWORD}
poolsize: 15
connectionTimeout: 3000
idleTimeout: 600000
maxLifetime: 7200000
# Do we want to preload all data into memory (recommended) or if enabled: false, wait for on-demand?
# Batch: Size of batch (usually limited by DB software)
# Period: in ticks, how long inbetween batches, shared evenly across all data types
# Delay: in ticks, how long to wait until first batch, shared evenly across all data types
preload:
enabled: true
batch: 100
period: 50
delay: 100
# This is always enabled. Updates to data are done batch-wise; period and delay are in ticks and define how long to wait inbetween update saves
dirtysave:
period: 12000
delay: 6000
import:
enable: false
# IP-Check import. Delay to set how long in ticks to wait after startup to import. Should be idempotent, _no_ guarantee whatsoever.
ipcheck:
delay: 1000
enable: false
database:
host: localhost
port:
database: ipcheck
user:
password:
poolsize: 3
connectionTimeout: 3000
idleTimeout: 600000
maxLifetime: 7200000
# All bans and unbans are separately logged in an audit-log fashion. They are batched for insertion.
# maxBatch: maximum batch size to use
# delay: delay in ticks before beginning after server start
# period: time in ticks between commits
log:
maxBatch: 100
delay: 120
period: 1200
# Event based checks and autoban configuration
# proxy - threshold: value in the database above which an IP Data record is considered a proxy source
# proxy - banMessage: if proxy bans enabled, the message to use
# share - threshold: How many accounts in addition to a player's main account are they allowed to connect with? 0 for no alts, 1 for one alt, etc.
# share - banMessage: if share bans enabled, the message to use
# enable:
# - ipBans: If banstick should autoban players for existing, standing IP bans.
# - subnetBans: If banstick should autoban players for existing, standing bans on subnets containing the connecting IP
# - proxyKicks: If banstick should autokick players for existing, standing banable proxies (does not issue ban)
# - proxyBans: If banstick should autoban players for existing, standing bans of known proxies (enable proxyKicks to also kick)
# - newProxyBans: If banstick should check the proxy threshold and create new bans for proxies if non already exists (leave true even if only kicking)
# - transitiveBans: If banstick should apply bans transitive across IPs
# Usage notes: To ban AND kick on new proxy detection, turn on proxyKicks, proxyBans, and newProxyBans.
# To ban but not kick, turn on proxyBans, and newProxyBans.
# To kick but not ban, turn on proxyKicks and newProxyBans.
# To only leverage existing proxy bans (direct import?) use either proxyKicks or proxyBans but leave newProxyBans off.
#
# - shareBans: If banstick should enforce the share threshold with bans.
# Usage notes: Set share.threshold to > 0 to allow some multiaccounting. If exceeded, will ban only the newest.
events:
proxy:
threshold: 2.8
banMessage: 'VPS / VPN Proxy use is generally prohibited. Issue a ticket at support in the CivMC Discord to discuss: https://discord.gg/nDnsU6vJqg'
share:
threshold: 0
banMessage: 'Multiaccounting is not generally allowed. Issue a ticket at support in the CivMC Discord to discuss/resolve: https://discord.gg/nDnsU6vJqg'
enable:
ipBans: true
subnetBans: true
proxyKicks: true
proxyBans: false
newProxyBans: true
shareBans: true
transitiveBans: true
lovetapOnJoin: true
proxyCheckRegistrar: true
# Configure the data source for VPS / VPN proxy list grabs.
# For cloud9:
# ban.length is in millisecond
# period and delay are in ticks
# defaultScore is the proxy threshold value to assign by default
proxy:
enable: true
cloud9:
enable: true
defaultScore: 3.0
ban:
length: 163800000
message: 'VPS / VPN Proxy use is generally prohibited. Issue a ticket at support in the CivMC Discord to discuss: https://discord.gg/nDnsU6vJqg'
url: https://raw.githubusercontent.com/client9/ipcat/master/datacenters.csv
period: 576000
delay: 4200
# Configure the tor check source; set autoban to true to not only track tor usage but also pre-set bans for tor users
tor:
check: true
autoban: true
# A number of flat lists exists. For each, you can define a ban message and ban length in milliseconds. Indicate
# if its a CIDR ban or specific IP ban list. The period and delay are in ticks, as discussed previously
lists:
danxxx:
ban:
length: 86400000
message: TOR node use is generally prohibited. Modmail to www.reddit.com/r/CivMC to discuss
address: https://www.dan.me.uk/torlist/?exit
period: 72000
delay: 3000
cidr: false
torproject:
ban:
length: 86400000
message: TOR node use is generally prohibited. Modmail to www.reddit.com/r/CivMC to discuss
address: https://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=8.26.94.198&port=25565
period: 72000
delay: 3600
cidr: false
# Configure the IP-API lookup for geoip data. By specs maxBatch must not exceed 100; don't exceed a total
# request count of more then 150 / min. Period is in ticks as is cooldownTicks.
# FailureCap defines how many errors from IP-API to ignore before coolingdown / stopped
# Set cooldownTicks to 0 to disable cooldown
# Defaults are safe for non-commercial use.
iplookup:
enable: true
maxBatch: 50
period: 120
failureCap: 5
cooldownTicks: 72000
# Configure the IPHub.info lookup for proxy/vpn/vps data. By specs you must not exceed 50 reqs / min unless on
# a more permissive plan. Default achieves this.
# request count of more then 50 / min. Period is in ticks as is cooldownTicks.
# FailureCap defines how many errors from IPHub.info to ignore before coolingdown / stopped
# Set cooldownTicks to 0 to disable cooldown.
# Batching is not apparently supported atm.
# Defaults match free account limits.
iphub:
enable: false
key: skey
period: 40
failureCap: 5
cooldownTicks: 72000
# Configure the Scrapers to harvest public or anonymous proxies to prevent use in connecting
# freeproxylist binds to the ScrapeFreeProxyList scraper; delay, period, jitter, and errorCooldown are in ticks.
# jitter randomizes a bit the length of time inbetween requests, to reduce likelihood of your server being
# blacklisted
# maxErrors configures how many errors to ignore before engaging errorCooldown time (0 to just stop trying on errors)
# ban: fields define ban length in milliseconds and a ban message to use.
scrapers:
enable: true
freeproxylist:
enable: true
delay: 3300
period: 72000
jitter: 12000
maxErrors: 10
errorCooldown: 144000
ban:
length: 86400000
message: Anonymous Proxy connections are generally prohibited. Modmail to www.reddit.com/r/CivMC to discuss