feat(env.example): update environment configuration with enhanced security and logging settings

This commit revises the env.example file to include comprehensive network and security configurations for the IRC server. Key additions include detailed logging paths, Strict Transport Security (STS) settings, and improved organization of service configurations. The changes aim to bolster security practices and provide clearer guidelines for users setting up their environment, ensuring a more robust and secure IRC server configuration.

Author: kzndotsh

env.example

@@ -1,162 +1,238 @@
 # IRC Server Environment Configuration
+# ====================================
 # Copy this file to .env and customize for your setup
+# 
+# IMPORTANT SECURITY NOTES:
+# - Change ALL default passwords before production use
+# - The .env file is automatically ignored by git for security
+# - Generate secure passwords using: openssl rand -base64 32
 
-# IRC Server Configuration
+# =============================================================================
+# CORE IRC SERVER CONFIGURATION
+# =============================================================================
+
+# Network Identity
 IRC_DOMAIN=irc.atl.chat
-IRC_PORT=6667
-IRC_TLS_PORT=6697
-IRC_SERVER_PORT=6900
-IRC_RPC_PORT=8600
-IRC_WEBSOCKET_PORT=8000
-IRC_STAFF_VHOST=allthingslinux.org
 IRC_ROOT_DOMAIN=atl.chat
-IRC_SERVICES_SERVER=services.atl.chat
-IRC_SERVICES_PASSWORD=change_me_services_password_here
-
-# IRC Server Security
-IRC_ADMIN_EMAIL=admin@allthingslinux.org
-IRC_ADMIN_NAME="All Things Linux"
 IRC_NETWORK_NAME=atl.chat
 IRC_CLOAK_PREFIX=atl
 
-# IRC Operator Credentials (Move to .env for security!)
-# Generate password hash with: docker compose exec ircd /usr/local/unrealircd/bin/unrealircd mkpasswd
+# Network Ports
+IRC_PORT=6667                    # Standard IRC port
+IRC_TLS_PORT=6697               # Secure IRC port (SSL/TLS)
+IRC_SERVER_PORT=6900            # Server-to-server linking port
+IRC_RPC_PORT=8600               # JSON-RPC API port
+IRC_WEBSOCKET_PORT=8000         # WebSocket port for web clients
+
+# Administrator Information
+IRC_ADMIN_NAME="All Things Linux"
+IRC_ADMIN_EMAIL=admin@allthingslinux.org
+IRC_STAFF_VHOST=allthingslinux.org
+
+# Logging Configuration
+IRC_LOG_PATH=/home/unrealircd/unrealircd/logs
+
+# =============================================================================
+# SECURITY CONFIGURATION
+# =============================================================================
+
+# IRC Operator Password
+# Generate with: docker compose exec unrealircd /home/unrealircd/unrealircd/bin/unrealircd mkpasswd
 IRC_OPER_PASSWORD='$argon2id$v=19$m=6144,t=2,p=2$WXOLpTE+DPDr8q6OBVTx3w$bqXpBsaAK6lkXfR/IPn+TcE0VJEKjUFD7xordE6pFSo'
 
-# SSL/TLS Configuration
-# Only these two variables are needed for SSL certificates
+# Strict Transport Security (STS) Settings
+# Progression: 1m -> 1d -> 30d -> 180d (start conservative)
+IRC_STS_DURATION=1m
+IRC_STS_PRELOAD=no              # Set to 'yes' for advanced security (careful!)
+
+# Emergency Security Settings (uncomment during attacks)
+# IRC_EMERGENCY_PM_MODE=registered_only        # Options: disabled, registered_only, high_reputation_only
+# IRC_EMERGENCY_MODES_ON_CONNECT="+ixwR"      # Add +R to disable PM for unregistered users
+
+# =============================================================================
+# SSL/TLS CERTIFICATE CONFIGURATION
+# =============================================================================
+
+# Let's Encrypt Configuration
 LETSENCRYPT_EMAIL=admin@allthingslinux.org
-# IRC_ROOT_DOMAIN is already defined above for the main domain
 
-# Cloudflare DNS-01 Challenge (for automatic certificates)
-# Create cloudflare-credentials.ini from cloudflare-credentials.ini.template
-# Add your API token to the credentials file (NOT as environment variable)
+# SSL Certificate Paths (auto-managed by Let's Encrypt)
+IRC_SSL_CERT_PATH=/home/unrealircd/unrealircd/conf/tls/server.cert.pem
+IRC_SSL_KEY_PATH=/home/unrealircd/unrealircd/conf/tls/server.key.pem
+
+# Cloudflare DNS-01 Challenge
+# Note: Create cloudflare-credentials.ini from template and add your API token
+# Do NOT store the API token in this file for security reasons
+
+# =============================================================================
+# SERVICES CONFIGURATION (ATHEME)
+# =============================================================================
+
+# Services Server Configuration
+IRC_SERVICES_SERVER=services.atl.chat
+IRC_SERVICES_PASSWORD=change_me_services_password_here
 
-# Atheme Services Configuration
+# Atheme Core Configuration
 ATHEME_SERVER_NAME=services.atl.chat
 ATHEME_SERVER_DESC="All Things Linux IRC Services"
 ATHEME_UPLINK_HOST=unrealircd
 ATHEME_UPLINK_PORT=6901
 ATHEME_SEND_PASSWORD=change_me_atheme_send_password_here
 ATHEME_RECEIVE_PASSWORD=change_me_atheme_receive_password_here
-ATHEME_HELP_CHANNEL=#help
-ATHEME_HELP_URL=https://discord.gg/linux
+ATHEME_NUMERIC=00A
+ATHEME_RECONTIME=10
 
-# Atheme Server Information
+# Network Information for Services
 ATHEME_NETNAME=atl.chat
 ATHEME_ADMIN_NAME="All Things Linux"
 ATHEME_ADMIN_EMAIL=admin@allthingslinux.org
 ATHEME_REGISTER_EMAIL=noreply@allthingslinux.org
 ATHEME_HIDEHOST_SUFFIX=users.atl.chat
-ATHEME_NUMERIC=00A
-ATHEME_RECONTIME=10
+ATHEME_HELP_CHANNEL=#help
+ATHEME_HELP_URL=https://discord.gg/linux
+
+# Atheme Logging
+ATHEME_LOG_LEVEL=all
+
+# =============================================================================
+# ATHEME SERVICE BOTS CONFIGURATION
+# =============================================================================
 
-# Atheme Service Bots
+# Core Services
 ATHEME_NICKSERV_NICK=NickServ
 ATHEME_NICKSERV_USER=NickServ
 ATHEME_NICKSERV_HOST=services.atl.chat
 ATHEME_NICKSERV_REAL="Nickname Services"
+
 ATHEME_CHANSERV_NICK=ChanServ
 ATHEME_CHANSERV_USER=ChanServ
 ATHEME_CHANSERV_HOST=services.atl.chat
 ATHEME_CHANSERV_REAL="Channel Services"
 
-# Additional Atheme Services
-ATHEME_INFOSERV_NICK=InfoServ
-ATHEME_INFOSERV_USER=InfoServ
-ATHEME_INFOSERV_HOST=services.atl.chat
-ATHEME_INFOSERV_REAL="Information Service"
 ATHEME_OPERSERV_NICK=OperServ
 ATHEME_OPERSERV_USER=OperServ
 ATHEME_OPERSERV_HOST=services.atl.chat
 ATHEME_OPERSERV_REAL="Operator Services"
-ATHEME_SASLSERV_NICK=SaslServ
-ATHEME_SASLSERV_USER=SaslServ
-ATHEME_SASLSERV_HOST=services.atl.chat
-ATHEME_SASLSERV_REAL="SASL Authentication Agent"
+
 ATHEME_MEMOSERV_NICK=MemoServ
 ATHEME_MEMOSERV_USER=MemoServ
 ATHEME_MEMOSERV_HOST=services.atl.chat
 ATHEME_MEMOSERV_REAL="Memo Services"
-ATHEME_GAMESERV_NICK=GameServ
-ATHEME_GAMESERV_USER=GameServ
-ATHEME_GAMESERV_HOST=services.atl.chat
-ATHEME_GAMESERV_REAL="Game Services"
-ATHEME_RPGSERV_NICK=RPGServ
-ATHEME_RPGSERV_USER=RPGServ
-ATHEME_RPGSERV_HOST=services.atl.chat
-ATHEME_RPGSERV_REAL="RPG Finding Services"
+
+# Authentication Services
+ATHEME_SASLSERV_NICK=SaslServ
+ATHEME_SASLSERV_USER=SaslServ
+ATHEME_SASLSERV_HOST=services.atl.chat
+ATHEME_SASLSERV_REAL="SASL Authentication Agent"
+
+# Management Services
 ATHEME_BOTSERV_NICK=BotServ
 ATHEME_BOTSERV_USER=BotServ
 ATHEME_BOTSERV_HOST=services.atl.chat
 ATHEME_BOTSERV_REAL="Bot Services"
+
 ATHEME_GROUPSERV_NICK=GroupServ
 ATHEME_GROUPSERV_USER=GroupServ
 ATHEME_GROUPSERV_HOST=services.atl.chat
 ATHEME_GROUPSERV_REAL="Group Management Services"
+
 ATHEME_HOSTSERV_NICK=HostServ
 ATHEME_HOSTSERV_USER=HostServ
 ATHEME_HOSTSERV_HOST=services.atl.chat
 ATHEME_HOSTSERV_REAL="Host Management Services"
+
+# Information Services
+ATHEME_INFOSERV_NICK=InfoServ
+ATHEME_INFOSERV_USER=InfoServ
+ATHEME_INFOSERV_HOST=services.atl.chat
+ATHEME_INFOSERV_REAL="Information Service"
+
 ATHEME_HELPSERV_NICK=HelpServ
 ATHEME_HELPSERV_USER=HelpServ
 ATHEME_HELPSERV_HOST=services.atl.chat
 ATHEME_HELPSERV_REAL="Help Services"
+
 ATHEME_STATSERV_NICK=StatServ
 ATHEME_STATSERV_USER=StatServ
 ATHEME_STATSERV_HOST=services.atl.chat
 ATHEME_STATSERV_REAL="Statistics Services"
 
-# Additional Atheme Utility Services
+# Utility Services
 ATHEME_CHANFIX_NICK=ChanFix
 ATHEME_CHANFIX_USER=ChanFix
 ATHEME_CHANFIX_HOST=services.atl.chat
 ATHEME_CHANFIX_REAL="Channel Fixing Service"
+
 ATHEME_GLOBAL_NICK=Global
 ATHEME_GLOBAL_USER=Global
-ATHEME_GLOBAL_HOST=services.atl.chat erxample
-
-
+ATHEME_GLOBAL_HOST=services.atl.chat
 ATHEME_GLOBAL_REAL="Network Announcements"
+
 ATHEME_ALIS_NICK=ALIS
 ATHEME_ALIS_USER=alis
 ATHEME_ALIS_HOST=services.atl.chat
 ATHEME_ALIS_REAL="Channel Directory"
+
+# Security Services
 ATHEME_PROXYSCAN_NICK=Proxyscan
 ATHEME_PROXYSCAN_USER=dnsbl
 ATHEME_PROXYSCAN_HOST=services.atl.chat
 ATHEME_PROXYSCAN_REAL="Proxyscan Service"
 
-# Atheme Logging
-ATHEME_LOG_LEVEL=all
+# Gaming Services
+ATHEME_GAMESERV_NICK=GameServ
+ATHEME_GAMESERV_USER=GameServ
+ATHEME_GAMESERV_HOST=services.atl.chat
+ATHEME_GAMESERV_REAL="Game Services"
 
-# Webpanel Configuration
-UNREALIRCD_HOST=unrealircd
-UNREALIRCD_PORT=8600
-UNREALIRCD_RPC_USER=adminpanel
-UNREALIRCD_RPC_PASSWORD=test1234
+ATHEME_RPGSERV_NICK=RPGServ
+ATHEME_RPGSERV_USER=RPGServ
+ATHEME_RPGSERV_HOST=services.atl.chat
+ATHEME_RPGSERV_REAL="RPG Finding Services"
+
+# =============================================================================
+# WEB PANEL CONFIGURATION
+# =============================================================================
+
+# UnrealIRCd Web Panel RPC Configuration
 WEBPANEL_RPC_USER=adminpanel
 WEBPANEL_RPC_PASSWORD=test1234
 
-# Webpanel Database Configuration (for SQL authentication backend)
-DB_HOST=localhost
-DB_PORT=3306
-DB_NAME=unrealircdwebpanel
-DB_USER=unrealircdwebpanel
-DB_PASSWORD=change_me_webpanel_db_password_here
-
-# TheLounge Configuration
-THELOUNGE_PORT=9000
-THELOUNGE_BIND=0.0.0.0
+# =============================================================================
+# SYSTEM CONFIGURATION
+# =============================================================================
 
-# Timezone
+# System Timezone (used in Docker containers)
 TZ=UTC
 
-# Security Settings
-# Emergency PM restrictions (uncomment during attacks)
-# IRC_EMERGENCY_PM_MODE=registered_only  # Options: disabled, registered_only, high_reputation_only
-# IRC_EMERGENCY_MODES_ON_CONNECT="+ixwR"  # Add +R to disable PM for unregistered users
-
-# Strict Transport Security (STS) Settings
-IRC_STS_DURATION=1m  # Start conservative: 1m -> 1d -> 30d -> 180d
-IRC_STS_PRELOAD=no   # Set to 'yes' for advanced security (careful!)
+# =============================================================================
+# DEVELOPMENT & TESTING (Optional)
+# =============================================================================
+
+# Uncomment these for development/testing environments
+# DEBUG=1                         # Enable debug mode in scripts
+# VERBOSE=1                       # Enable verbose logging in scripts
+
+# =============================================================================
+# UNUSED VARIABLES (Kept for reference - can be removed if not needed)
+# =============================================================================
+
+# The following variables are defined but not currently used in templates or scripts.
+# They may be used by external tools or future features. Remove if not needed:
+
+# Database Configuration (for SQL authentication backend - not currently used)
+# DB_HOST=localhost
+# DB_PORT=3306
+# DB_NAME=unrealircdwebpanel
+# DB_USER=unrealircdwebpanel
+# DB_PASSWORD=change_me_webpanel_db_password_here
+
+# The Lounge Web IRC Client (service not currently enabled)
+# THELOUNGE_PORT=9000
+# THELOUNGE_BIND=0.0.0.0
+
+# Legacy Web Panel Variables (may be used by older web panel versions)
+# UNREALIRCD_HOST=unrealircd
+# UNREALIRCD_PORT=8600
+# UNREALIRCD_RPC_USER=adminpanel
+# UNREALIRCD_RPC_PASSWORD=test1234