overmind
/
matrix-docker-ansible-deploy
mirror of https://github.com/spantaleev/matrix-docker-ansible-deploy
1
0
Fork 0
Code Issues 0 Releases 0 Wiki Activity
Matrix Docker Ansible eploy
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
9624 Commits
12 Branches
1.1 GiB
 
 
Tree: 032a3fc059
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '032a3fc059'
${ noResults }
matrix-docker-ansible-deploy/roles/custom/matrix-bot-mjolnir/templates/production.yaml.j2

248 lines
10 KiB
Raw Blame History 

  1. # Endpoint URL that Mjolnir uses to interact with the Matrix homeserver (client-server API),

  2. # set this to the pantalaimon URL if you're using that.

  3. homeserverUrl: {{ matrix_bot_mjolnir_homeserver_url | to_json }}

  4. 

  5. # Endpoint URL that Mjolnir could use to fetch events related to reports (client-server API and /_synapse/),

  6. # only set this to the public-internet homeserver client API URL, do NOT set this to the pantalaimon URL.

  7. rawHomeserverUrl: {{ matrix_bot_mjolnir_raw_homeserver_url | to_json }}

  8. 

  9. # Matrix Access Token to use, Mjolnir will only use this if pantalaimon.use is false.

  10. accessToken: {{ matrix_bot_mjolnir_access_token | to_json }}

  11. 

  12. {% if matrix_bot_mjolnir_pantalaimon_use %}

  13. # Options related to Pantalaimon (https://github.com/matrix-org/pantalaimon)

  14. pantalaimon:

  15.   # Whether or not Mjolnir will use pantalaimon to access the Matrix homeserver,

  16.   # set to `true` if you're using pantalaimon.

  17.   #

  18.   # Be sure to point homeserverUrl to the pantalaimon instance.

  19.   #

  20.   # Mjolnir will log in using the given username and password once,

  21.   # then store the resulting access token in a file under dataPath.

  22.   use: true

  23. 

  24.   # The username to login with.

  25.   username: {{ matrix_bot_mjolnir_pantalaimon_username | to_json }}

  26. 

  27.   # The password Mjolnir will login with.

  28.   #

  29.   # After successfully logging in once, this will be ignored, so this value can be blanked after first startup.

  30.   password: {{ matrix_bot_mjolnir_pantalaimon_password | to_json }}

  31. {% endif %}

  32. 

  33. # The path Mjolnir will store its state/data in, leave default ("/data/storage") when using containers.

  34. dataPath: "/data"

  35. 

  36. # If true (the default), Mjolnir will only accept invites from users present in managementRoom.

  37. autojoinOnlyIfManager: true

  38. 

  39. # If `autojoinOnlyIfManager` is false, only the members in this space can invite

  40. # the bot to new rooms.

  41. #acceptInvitesFromSpace: "!qporfwt:example.com"

  42. 

  43. # Whether Mjolnir should report ignored invites to the management room (if autojoinOnlyIfManager is true).

  44. recordIgnoredInvites: false

  45. 

  46. # The room ID (or room alias) of the management room, anyone in this room can issue commands to Mjolnir.

  47. #

  48. # Mjolnir has no more granular access controls other than this, be sure you trust everyone in this room - secure it!

  49. #

  50. # This should be a room alias or room ID - not a matrix.to URL.

  51. #

  52. # Note: By default, Mjolnir is fairly verbose - expect a lot of messages in this room.

  53. # (see verboseLogging to adjust this a bit.)

  54. managementRoom: {{ matrix_bot_mjolnir_management_room | to_json }}

  55. 

  56. # Whether Mjolnir should log a lot more messages in the room,

  57. # mainly involves "all-OK" messages, and debugging messages for when mjolnir checks bans in a room.

  58. verboseLogging: false

  59. 

  60. # The log level of terminal (or container) output.

  61. #

  62. # Valid values: ERROR, WARN, INFO, DEBUG

  63. logLevel: "INFO"

  64. 

  65. # Whether or not Mjolnir should synchronize policy lists immediately after startup.

  66. # Equivalent to running '!mjolnir sync'.

  67. syncOnStartup: true

  68. 

  69. # Whether or not Mjolnir should check moderation permissions in all protected rooms on startup.

  70. # Equivalent to running `!mjolnir verify`.

  71. verifyPermissionsOnStartup: true

  72. 

  73. # Whether or not Mjolnir should actually apply bans and policy lists,

  74. # turn on to trial some untrusted configuration or lists.

  75. noop: false

  76. 

  77. # Whether Mjolnir should check member lists quicker (by using a different endpoint),

  78. # keep in mind that enabling this will miss invited (but not joined) users.

  79. #

  80. # Turn on if your bot is in (very) large rooms, or in large amounts of rooms.

  81. fasterMembershipChecks: false

  82. 

  83. # A case-insensitive list of ban reasons to have the bot also automatically redact the user's messages for.

  84. #

  85. # If the bot sees you ban a user with a reason that is an (exact case-insensitive) match to this list,

  86. # it will also remove the user's messages automatically.

  87. #

  88. # Typically this is useful to avoid having to give two commands to the bot.

  89. # Advanced: Use asterisks to have the reason match using "globs"

  90. # (f.e. "spam*testing" would match "spam for testing" as well as "spamtesting").

  91. #

  92. # See here for more info: https://www.digitalocean.com/community/tools/glob

  93. # Note: Keep in mind that glob is NOT regex!

  94. automaticallyRedactForReasons:

  95.   - "spam"

  96.   - "advertising"

  97. 

  98. # A list of rooms to protect. Mjolnir will add this to the list it knows from its account data.

  99. #

  100. # It won't, however, add it to the account data.

  101. # Manually add the room via '!mjolnir rooms add' to have it stay protected regardless if this config value changes.

  102. #

  103. # Note: These must be matrix.to URLs

  104. #protectedRooms:

  105. #  - "https://matrix.to/#/#matrix:example.org"

  106. 

  107. # Whether or not to add all joined rooms to the "protected rooms" list

  108. # (excluding the management room and watched policy list rooms, see below).

  109. #

  110. # Note that this effectively makes the protectedRooms and associated commands useless

  111. # for regular rooms.

  112. #

  113. # Note: the management room is *excluded* from this condition.

  114. # Explicitly add it as a protected room to protect it.

  115. #

  116. # Note: Ban list rooms the bot is watching but didn't create will not be protected.

  117. # Explicitly add these rooms as a protected room list if you want them protected.

  118. protectAllJoinedRooms: false

  119. 

  120. # Increase this delay to have Mjölnir wait longer between two consecutive backgrounded

  121. # operations. The total duration of operations will be longer, but the homeserver won't

  122. # be affected as much. Conversely, decrease this delay to have Mjölnir chain operations

  123. # faster. The total duration of operations will generally be shorter, but the performance

  124. # of the homeserver may be more impacted.

  125. backgroundDelayMS: 500

  126. 

  127. # Server administration commands, these commands will only work if Mjolnir is

  128. # a global server administrator, and the bot's server is a Synapse instance.

  129. #admin:

  130. #  # Whether or not Mjolnir can temporarily take control of any eligible account from the local homeserver who's in the room

  131. #  # (with enough permissions) to "make" a user an admin.

  132. #  #

  133. #  # This only works if a local user with enough admin permissions is present in the room.

  134. #  enableMakeRoomAdminCommand: false

  135. 

  136. # Misc options for command handling and commands

  137. commands:

  138.   # Whether or not the `!mjolnir` prefix is necessary to submit commands.

  139.   #

  140.   # If `true`, will allow commands like `!ban`, `!help`, etc.

  141.   #

  142.   # Note: Mjolnir can also be pinged by display name instead of having to use

  143.   # the !mjolnir prefix. For example, "my_moderator_bot: ban @spammer:example.org"

  144.   # will address only my_moderator_bot.

  145.   allowNoPrefix: false

  146. 

  147.   # Any additional bot prefixes that Mjolnir will listen to. i.e. adding `mod` will allow `!mod help`.

  148.   additionalPrefixes:

  149.     - "mjolnir_bot"

  150. 

  151.   # Whether or not commands with a wildcard (*) will require an additional `--force` argument

  152.   # in the command to be able to be submitted.

  153.   confirmWildcardBan: true

  154. 

  155. # Configuration specific to certain toggle-able protections

  156. #protections:

  157. #  # Configuration for the wordlist plugin, which can ban users based if they say certain

  158. #  # blocked words shortly after joining.

  159. #  wordlist:

  160. #    # A list of case-insensitive keywords that the WordList protection will watch for from new users.

  161. #    #

  162. #    # WordList will ban users who use these words when first joining a room, so take caution when selecting them.

  163. #    #

  164. #    # For advanced usage, regex can also be used, see the following links for more information;

  165. #    #  - https://www.digitalocean.com/community/tutorials/an-introduction-to-regular-expressions

  166. #    #  - https://regexr.com/

  167. #    #  - https://regexone.com/

  168. #    words:

  169. #      - "LoReM"

  170. #      - "IpSuM"

  171. #      - "DoLoR"

  172. #      - "aMeT"

  173. #

  174. #    # For how long (in minutes) the user is "new" to the WordList plugin.

  175. #    #

  176. #    # After this time, the user will no longer be banned for using a word in the above wordlist.

  177. #    #

  178. #    # Set to zero to disable the timeout and make users *always* appear "new".

  179. #    # (users will always be banned if they say a bad word)

  180. #    minutesBeforeTrusting: 20

  181. 

  182. # Options for advanced monitoring of the health of the bot.

  183. health:

  184.   # healthz options. These options are best for use in container environments

  185.   # like Kubernetes to detect how healthy the service is. The bot will report

  186.   # that it is unhealthy until it is able to process user requests. Typically

  187.   # this means that it'll flag itself as unhealthy for a number of minutes

  188.   # before saying "Now monitoring rooms" and flagging itself healthy.

  189.   #

  190.   # Health is flagged through HTTP status codes, defined below.

  191.   healthz:

  192.     # Whether the healthz integration should be enabled (default false)

  193.     enabled: false

  194. 

  195.     # The port to expose the webserver on. Defaults to 8080.

  196.     port: 8080

  197. 

  198.     # The address to listen for requests on. Defaults to all addresses.

  199.     address: "0.0.0.0"

  200. 

  201.     # The path to expose the monitoring endpoint at. Defaults to `/healthz`

  202.     endpoint: "/healthz"

  203. 

  204.     # The HTTP status code which reports that the bot is healthy/ready to

  205.     # process requests. Typically this should not be changed. Defaults to

  206.     # 200.

  207.     healthyStatus: 200

  208. 

  209.     # The HTTP status code which reports that the bot is not healthy/ready.

  210.     # Defaults to 418.

  211.     unhealthyStatus: 418

  212. 

  213. # Options for exposing web APIs.

  214. #web:

  215. #  # Whether to enable web APIs.

  216. #  enabled: false

  217. #

  218. #  # The port to expose the webserver on. Defaults to 8080.

  219. #  port: 8080

  220. #

  221. #  # The address to listen for requests on. Defaults to only the current

  222. #  # computer.

  223. #  address: localhost

  224. #

  225. #  # Alternative setting to open to the entire web. Be careful,

  226. #  # as this will increase your security perimeter:

  227. #  #

  228. #  #  address: "0.0.0.0"

  229. #

  230. #  # A web API designed to intercept Matrix API

  231. #  # POST /_matrix/client/r0/rooms/{roomId}/report/{eventId}

  232. #  # and display readable abuse reports in the moderation room.

  233. #  #

  234. #  # If you wish to take advantage of this feature, you will need

  235. #  # to configure a reverse proxy, see e.g. test/nginx.conf

  236. #  abuseReporting:

  237. #    # Whether to enable this feature.

  238. #    enabled: false

  239. 

  240. # Whether or not to actively poll synapse for abuse reports, to be used

  241. # instead of intercepting client calls to synapse's abuse endpoint, when that

  242. # isn't possible/practical.

  243. pollReports: false

  244. 

  245. # Whether or not new reports, received either by webapi or polling,

  246. # should be printed to our managementRoom.

  247. displayReports: false