From 6f09400b120c3f7d7e09431578716f6644408437 Mon Sep 17 00:00:00 2001 From: Catalan Lover Date: Fri, 28 Jun 2024 23:38:43 +0200 Subject: [PATCH] Add Config variable for Draupnir Hijack command And also make the internal admin API be automatically activated when this capability is used. --- group_vars/matrix_servers | 2 ++ roles/custom/matrix-bot-draupnir/defaults/main.yml | 7 +++++++ .../templates/production.yaml.j2 | 14 +++++++------- 3 files changed, 16 insertions(+), 7 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index e87013d76..b328828d8 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -3175,6 +3175,8 @@ matrix_bot_draupnir_container_image_self_build: "{{ matrix_architecture not in [ matrix_bot_draupnir_container_network: "{{ matrix_addons_container_network }}" +matrix_bot_draupnir_admin_api_enabled: "{{ matrix_bot_draupnir_room_hijack_enabled }}" + matrix_bot_draupnir_container_additional_networks_auto: |- {{ ( diff --git a/roles/custom/matrix-bot-draupnir/defaults/main.yml b/roles/custom/matrix-bot-draupnir/defaults/main.yml index 31ade1be0..3986857cc 100644 --- a/roles/custom/matrix-bot-draupnir/defaults/main.yml +++ b/roles/custom/matrix-bot-draupnir/defaults/main.yml @@ -117,6 +117,13 @@ matrix_bot_draupnir_config_rawHomeserverUrl: "" # noqa var-naming # It is exposed here because it is common enough to be valid to expose. matrix_bot_draupnir_config_disableServerACL: false # noqa var-naming +# Used to control if the Synapse Admin API is exposed internally to the containers and therefore giving Draupnir Access. +matrix_bot_draupnir_admin_api_enabled: "" + +# Controls if the draupnir room hijack command is activated or not. This also automatically enables the internal admin API +# in the process of activation. +matrix_bot_draupnir_room_hijack_enabled: "false" + # Controls if the room state backing store is activated. # Room state backing store makes restarts of the bot lightning fast as the bot does not suffer from amnesia. # This config option has diminished improvements for bots on extremely fast homeservers or very very small bots on fast homeservers. diff --git a/roles/custom/matrix-bot-draupnir/templates/production.yaml.j2 b/roles/custom/matrix-bot-draupnir/templates/production.yaml.j2 index 637738b6e..c0b944a56 100644 --- a/roles/custom/matrix-bot-draupnir/templates/production.yaml.j2 +++ b/roles/custom/matrix-bot-draupnir/templates/production.yaml.j2 @@ -136,13 +136,13 @@ backgroundDelayMS: 500 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/3308 # Server administration commands, these commands will only work if Draupnir is # a global server administrator, and the bot's server is a Synapse instance. -#admin: -# # Whether or not Draupnir can temporarily take control of any eligible account from the local homeserver who's in the room -# # (with enough permissions) to "make" a user an admin. -# # -# # This only works if a local user with enough admin permissions is present in the room. -# enableMakeRoomAdminCommand: false -# +admin: + # Whether or not Draupnir can temporarily take control of any eligible account from the local homeserver who's in the room + # (with enough permissions) to "make" a user an admin. + # + # This only works if a local user with enough admin permissions is present in the room. + enableMakeRoomAdminCommand: {{ matrix_bot_draupnir_room_hijack_enabled | to_json }} + # Misc options for command handling and commands commands: # Whether or not the `!draupnir` prefix is necessary to submit commands.