f15c0a46be
* Draupnir 2.0.0 The config getting changes all over the place is because of 2.0 having removed a lot of config options due to the code being removed. * Update Draupnir Documentation to reflect state as of 2.0.0 * Apply Review Feedback Co-authored-by: Suguru Hirahara <luixxiul@users.noreply.github.com> * Change Room IDs found in code review to not conform to playbook standard. Co-authored-by: Suguru Hirahara <luixxiul@users.noreply.github.com> * Further Integrate Code Review Feedback * Apply remaining suggestions from code review. Co-authored-by: Suguru Hirahara <luixxiul@users.noreply.github.com> * Apply Configuration Review Feedback Co-authored-by: Suguru Hirahara <luixxiul@users.noreply.github.com> * Add Self Registration and Native Login to Draupnir * Rework Draupnir Documentation to Remove Pantalaimon * Set bot.draupnir as default username for the bot in config * Draupnir 2.0.1 * Integrate Review Feedback on Structure of Docs Co-authored-by: Suguru Hirahara <luixxiul@users.noreply.github.com> * Further Restructure Docs and tweak variables in response. * Only auto-create draupnir user if a password has been set The Draupnir role supports configuring it with either an access token or with a password. When a password is not assigned (which means the access token mode is used), the user is to be created manually. * Add ensure-matrix-users-created tag Now that the Draupnir user may be auto-created in certain configurations (if a password is assigned), it's useful to have the tag there. --------- Co-authored-by: Suguru Hirahara <luixxiul@users.noreply.github.com> Co-authored-by: Slavi Pantaleev <slavi@devture.com>
# Endpoint URL that Draupnir uses to interact with the Matrix homeserver (client-server API).
# The value is passed through `to_json`, so the rendered scalar is JSON-encoded
# rather than emitted as a bare YAML plain scalar.
homeserverUrl: {{ matrix_bot_draupnir_homeserver_url | to_json }}

# Endpoint URL that Draupnir could use to fetch events related to reports (client-server API and /_synapse/).
# Only set this to the public-internet homeserver client API URL; do NOT set this to the pantalaimon URL.
rawHomeserverUrl: {{ matrix_bot_draupnir_raw_homeserver_url | to_json }}

# Matrix access token to use. Draupnir will only use this if pantalaimon.use is false.
# This option can be loaded from a file by passing "--access-token-path <path>" at the command line,
# which would allow using secret management systems such as systemd's service credentials.
# NOTE(review): as written, the token is rendered into this file in plain text, so the
# rendered config needs the same access restrictions as the token itself.
accessToken: {{ matrix_bot_draupnir_access_token | to_json }}

{% if matrix_bot_draupnir_pantalaimon_use or matrix_bot_draupnir_login_native %}
# Options related to Pantalaimon (https://github.com/matrix-org/pantalaimon)
# This section is rendered when either the Pantalaimon variable or the native-login
# variable of the playbook is truthy; in both cases `use` is hard-coded to `true`.
pantalaimon:
  # Set to `true` when the bot is to login and fetch the access token on its own.
  #
  # Draupnir will log in using the given username and password once,
  # then store the resulting access token in a file under dataPath.
  use: true

  # The username to login with.
  username: {{ matrix_bot_draupnir_login | to_json }}

  # The password Draupnir will login with.
  #
  # After successfully logging in once, this will be ignored, so this value can be blanked after first startup.
  # This option can be loaded from a file by passing "--password-path <path>" at the command line,
  # which would allow using secret management systems such as systemd's service credentials.
  # NOTE(review): the password is rendered into this file in plain text; restrict read access
  # to the rendered config, or blank the variable once the first login has succeeded.
  password: {{ matrix_bot_draupnir_password | to_json }}
{% endif %}

# Experimental usage of the matrix-bot-sdk rust crypto. This cannot be used with Pantalaimon.
# Make sure Pantalaimon is disabled in Draupnir's configuration.
#
# Warning: At this time this is not considered production safe.
experimentalRustCrypto: {{ matrix_bot_draupnir_enable_experimental_rust_crypto | to_json }}

# The path Draupnir will store its state/data in, leave default ("/data/storage") when using containers.
# NOTE(review): the value set here is "/data", not the "/data/storage" default named above;
# presumably this matches the volume mounted into the container - confirm.
# The login comments in this file state that the access token obtained by password login
# is stored in a file under dataPath, so access to this directory should be restricted.
dataPath: "/data"

# If true (the default), Draupnir will only accept invites from users present in managementRoom.
# Hard-coded to `true` in this template (no playbook variable controls it).
autojoinOnlyIfManager: true

# If `autojoinOnlyIfManager` is false, only the members in this space can invite
# the bot to new rooms.
# Left commented out here; `autojoinOnlyIfManager` is set to `true` in this template.
#acceptInvitesFromSpace: "!qporfwt:example.com"

# Whether Draupnir should report ignored invites to the management room (if autojoinOnlyIfManager is true).
recordIgnoredInvites: false

# The room ID (or room alias) of the management room. Anyone in this room can issue commands to Draupnir.
#
# Draupnir has no access controls more granular than membership of this room,
# so be sure you trust everyone in this room - secure it!
#
# This should be a room alias or room ID - not a matrix.to URL.
#
# Note: By default, Draupnir is fairly verbose - expect a lot of messages in this room.
# (see verboseLogging to adjust this a bit.)
managementRoom: {{ matrix_bot_draupnir_management_room | to_json }}

# Deprecated and will be removed in a future version.
# Running with verboseLogging is unsupported.
# Whether Draupnir should log a lot more messages in the room;
# this mainly involves "all-OK" messages, and debugging messages for when Draupnir checks bans in a room.
verboseLogging: false

# The log level of terminal (or container) output.
# Can be one of DEBUG, INFO, WARN and ERROR, in increasing order of importance and severity.
#
# This should be at INFO or DEBUG in order to get support for Draupnir problems.
logLevel: "INFO"

# Whether or not Draupnir should synchronize policy lists immediately after startup.
# Equivalent to running `!draupnir sync`.
syncOnStartup: true

# Whether or not Draupnir should check moderation permissions in all protected rooms on startup.
# Equivalent to running `!draupnir verify`.
verifyPermissionsOnStartup: true

# Whether or not Draupnir should actually apply bans and policy lists,
# turn on to trial some untrusted configuration or lists.
# NOTE(review): the first line reads as "whether to apply", but the key name and
# "turn on to trial" suggest that `true` means bans and policy lists are NOT applied - confirm.
noop: false

# Whether or not Draupnir should apply `m.room.server_acl` events.
# DO NOT change this to `true` unless you are very confident that you know what you are doing.
# NOTE(review): going by the key name, `true` presumably stops Draupnir from applying
# server ACLs, which removes a server-level protection - confirm before overriding the variable.
disableServerACL: {{ matrix_bot_draupnir_disable_server_acl | to_json }}

# A case-insensitive list of ban reasons to have the bot also automatically redact the user's messages for.
#
# If the bot sees you ban a user with a reason that is an (exact case-insensitive) match to this list,
# it will also remove the user's messages automatically.
#
# Typically this is useful to avoid having to give two commands to the bot.
# Advanced: Use asterisks to have the reason match using "globs"
# (e.g. "spam*testing" would match "spam for testing" as well as "spamtesting").
#
# See here for more info: https://www.digitalocean.com/community/tools/glob
# Note: Keep in mind that glob is NOT regex!
automaticallyRedactForReasons:
  - "spam"
  - "advertising"

# Whether or not to add all joined rooms to the "protected rooms" list
# (excluding the management room and watched policy list rooms, see below).
#
# Note that this effectively makes the protectedRooms and associated commands useless
# for regular rooms.
#
# Note: the management room is *excluded* from this condition.
# Explicitly add it as a protected room to protect it.
#
# Note: Ban list rooms the bot is watching but didn't create will not be protected.
# Explicitly add these rooms to the protected room list if you want them protected.
protectAllJoinedRooms: false

# Delay between two consecutive backgrounded operations (per the key name, in milliseconds).
# Increase this delay to have Draupnir wait longer between two consecutive backgrounded
# operations. The total duration of operations will be longer, but the homeserver won't
# be affected as much. Conversely, decrease this delay to have Draupnir chain operations
# faster. The total duration of operations will generally be shorter, but the performance
# of the homeserver may be more impacted.
backgroundDelayMS: 500

# FIXME: This configuration option is currently broken in the playbook as admin APIs cannot
# be accessed from containers. See https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/3389
# and https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/3308
# Server administration commands. These commands will only work if Draupnir is
# a global server administrator, and the bot's server is a Synapse instance.
#admin:
#  # Whether or not Draupnir can temporarily take control of any eligible account from the local homeserver who's in the room
#  # (with enough permissions) to "make" a user an admin.
#  #
#  # This only works if a local user with enough admin permissions is present in the room.
#  enableMakeRoomAdminCommand: false
#
# Misc options for command handling and commands
commands:
  # Whether or not the `!draupnir` prefix is necessary to submit commands.
  #
  # If `true`, will allow commands like `!ban`, `!help`, etc.
  #
  # Note: Draupnir can also be pinged by display name instead of having to use
  # the !draupnir prefix. For example, "my_moderator_bot: ban @spammer:example.org"
  # will address only my_moderator_bot.
  allowNoPrefix: false

  # Any additional bot prefixes that Draupnir will listen to, e.g. adding `mod` will allow `!mod help`.
  additionalPrefixes:
    - "draupnir-bot"
    - "draupnir_bot"
    - "draupnir"

  # The default reasons to be prompted with if the reason is missing from a ban command.
  ban:
    defaultReasons:
      - "spam"
      - "brigading"
      - "harassment"
      - "disagreement"

# Configuration specific to certain toggle-able protections
#protections:
#  # Configuration for the wordlist plugin, which can ban users if they say certain
#  # blocked words shortly after joining.
#  wordlist:
#    # A list of case-insensitive keywords that the WordList protection will watch for from new users.
#    #
#    # WordList will ban users who use these words when first joining a room, so take caution when selecting them.
#    #
#    # The word list protection does not support regular expressions at this time.
#    # The configuration in the past stated support for Regex erroneously.
#    #
#    words:
#      - "LoReM"
#      - "IpSuM"
#      - "DoLoR"
#      - "aMeT"
#
#    # For how long (in minutes) the user is "new" to the WordList plugin.
#    #
#    # After this time, the user will no longer be banned for using a word in the above wordlist.
#    #
#    # Set to zero to disable the timeout and make users *always* appear "new".
#    # (users will always be banned if they say a bad word)
#    minutesBeforeTrusting: 20

# The room state backing store writes a copy of the room state for all protected
# rooms to the data directory.
# It is recommended to enable this option unless you deploy Draupnir close to the
# homeserver and know that Draupnir is starting up quickly. If your homeserver can
# respond quickly to Draupnir's requests for `/state` then you might not need this option.
roomStateBackingStore:
  enabled: {{ matrix_bot_draupnir_enable_room_state_backing_store | to_json }}

# Safe mode provides recovery options for some failure modes when Draupnir
# fails to start. For example, if the bot fails to resolve a room alias in
# a watched list, or if the server has parted from a protected room and can't
# find a way back in. Safe mode will provide different options to recover from
# these, such as unprotecting the room or unwatching the policy list.
# By default Draupnir will boot into safe mode only when the failure mode
# is recoverable.
# It may be desirable to prevent the bot from starting into safe mode if you have
# a pager system for when Draupnir is down, as Draupnir could prevent your monitoring
# system from identifying a failure to start.
#safeMode:
#  # The option for entering safe mode when Draupnir fails to start up.
#  # - "RecoveryOnly" will only start the bot in safe mode when there are recovery options available. This is the default.
#  # - "Never" will never start the bot in safe mode when Draupnir fails to start normally.
#  # - "Always" will always start the bot in safe mode when Draupnir fails to start normally.
#  bootOption: RecoveryOnly

# Options for advanced monitoring of the health of the bot.
health:
  # healthz options. These options are best for use in container environments
  # like Kubernetes to detect how healthy the service is. The bot will report
  # that it is unhealthy until it is able to process user requests. Typically
  # this means that it'll flag itself as unhealthy for a number of minutes
  # before saying "Now monitoring rooms" and flagging itself healthy.
  #
  # Health is flagged through HTTP status codes, defined below.
  healthz:
    # Whether the healthz integration should be enabled (default false)
    # Hard-coded to `false` in this template; the listener settings below
    # presumably have no effect while it stays disabled.
    enabled: false

    # The port to expose the webserver on. Defaults to 8080.
    port: 8080

    # The address to listen for requests on. Defaults to all addresses.
    # NOTE(review): "0.0.0.0" binds every interface; if healthz is ever enabled,
    # check how the container's port is published so the endpoint is not reachable
    # from networks that do not need it.
    address: "0.0.0.0"

    # The path to expose the monitoring endpoint at. Defaults to `/healthz`
    endpoint: "/healthz"

    # The HTTP status code which reports that the bot is healthy/ready to
    # process requests. Typically this should not be changed. Defaults to
    # 200.
    healthyStatus: 200

    # The HTTP status code which reports that the bot is not healthy/ready.
    # Defaults to 418.
    unhealthyStatus: 418

  # Sentry options. Sentry is a tool used to receive/collate/triage runtime
  # errors and performance issues. Skip this section if you do not wish to use
  # Sentry.
  # Both children below are commented out, so this key parses as an empty (null) value.
  sentry:
    # The key used to upload Sentry data to the server.
    # dsn: "https://XXXXXXXXX@example.com/YYY"

    # Frequency of performance monitoring.
    # A number in [0.0, 1.0], where 0.0 means "don't bother with tracing"
    # and 1.0 means "trace performance at every opportunity".
    # tracesSampleRate: 0.5

{% if matrix_bot_draupnir_web_enabled %}
# Options for exposing web APIs.
# This whole section is rendered only when the playbook's web variable is truthy.
web:
  # Whether to enable web APIs.
  enabled: true

  # The port to expose the webserver on. Defaults to 8080.
  port: 8080

  # The address to listen for requests on. Defaults to only the current
  # computer.
  # NOTE(review): the value set here is "0.0.0.0" (all interfaces), not the
  # current-computer default described above; presumably this is needed so the
  # listener is reachable from outside the container - confirm. Exposure then
  # depends on how the container's port is published or reverse-proxied.
  address: "0.0.0.0"

  # Alternative setting to open to the entire web. Be careful,
  # as this will increase your security perimeter:
  # (This is the same value as the active `address` above.)
  #
  #  address: "0.0.0.0"

  # A web API designed to intercept Matrix API
  # POST /_matrix/client/r0/rooms/{roomId}/report/{eventId}
  # and display readable abuse reports in the moderation room.
  #
  # If you wish to take advantage of this feature, you will need
  # to configure a reverse proxy, see e.g. test/nginx.conf
  abuseReporting:
    # Whether to enable this feature.
    enabled: {{ matrix_bot_draupnir_abuse_reporting_enabled | to_json }}
{% endif %}

# FIXME: This configuration option is currently broken in the playbook as admin APIs cannot
# be accessed from containers. See https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/3389
# and https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/3308
# Whether or not to actively poll synapse for abuse reports, to be used
# instead of intercepting client calls to synapse's abuse endpoint, when that
# isn't possible/practical.
#pollReports: false

# Whether or not new reports, received either by webapi or polling,
# should be printed to our managementRoom.
# Reports shown there are visible to everyone in the management room.
displayReports: {{ matrix_bot_draupnir_display_reports | to_json }}