overmind
/
matrix-docker-ansible-deploy
mirror of https://github.com/spantaleev/matrix-docker-ansible-deploy
1
0
Fork 0
Code Issues 0 Releases 0 Wiki Activity
Matrix Docker Ansible eploy
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
11288 Commits
14 Branches
1.1 GiB
 
 
Tree: 2d5b5ff7ef
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '2d5b5ff7ef'
${ noResults }
matrix-docker-ansible-deploy/roles/custom/matrix-bot-draupnir/templates/production.yaml.j2

323 lines
14 KiB
Raw Blame History 

  1. {#

  2. SPDX-FileCopyrightText: 2023 - 2024 MDAD project contributors

  3. SPDX-FileCopyrightText: 2023 - 2026 Catalan Lover <catalanlover@protonmail.com>

  4. SPDX-FileCopyrightText: 2024 Slavi Pantaleev

  5. SPDX-FileCopyrightText: 2024 Suguru Hirahara

  6. 

  7. SPDX-License-Identifier: AGPL-3.0-or-later

  8. #}

  9. 

  10. # Endpoint URL that Draupnir uses to interact with the matrix homeserver (client-server API),

  11. # set this to the pantalaimon URL if you're using that.

  12. homeserverUrl: {{ matrix_bot_draupnir_config_homeserverUrl | to_json }}

  13. 

  14. # Endpoint URL that Draupnir could use to fetch events related to reports (client-server API and /_synapse/),

  15. # only set this to the public-internet homeserver client API URL, do NOT set this to the pantalaimon URL.

  16. rawHomeserverUrl: {{ matrix_bot_draupnir_config_rawHomeserverUrl | to_json }}

  17. 

  18. # Matrix Access Token to use, Draupnir will only use this if pantalaimon.use is false.

  19. # This option can be loaded from a file by passing "--access-token-path <path>" at the command line,

  20. # which would allow using secret management systems such as systemd's service credentials.

  21. accessToken: {{ matrix_bot_draupnir_config_accessToken | to_json }}

  22. 

  23. {% if matrix_bot_draupnir_pantalaimon_use or matrix_bot_draupnir_login_native %}

  24. # Options related to Pantalaimon (https://github.com/matrix-org/pantalaimon)

  25. pantalaimon:

  26.   # Whether or not Draupnir will use pantalaimon to access the matrix homeserver,

  27.   # set to `true` if you're using pantalaimon.

  28.   #

  29.   # Be sure to point homeserverUrl to the pantalaimon instance.

  30.   #

  31.   # Draupnir will log in using the given username and password once,

  32.   # then store the resulting access token in a file under dataPath.

  33.   use: true

  34. 

  35.   # The username to login with.

  36.   username: {{ matrix_bot_draupnir_login | to_json }}

  37. 

  38.   # The password Draupnir will login with.

  39.   #

  40.   # After successfully logging in once, this will be ignored, so this value can be blanked after first startup.

  41.   # This option can be loaded from a file by passing "--pantalaimon-password-path <path>" at the command line,

  42.   # which would allow using secret management systems such as systemd's service credentials.

  43.   password: {{ matrix_bot_draupnir_password | to_json }}

  44. {% endif %}

  45. 

  46. # Experimental usage of the matrix-bot-sdk rust crypto.

  47. # This can not be used with Pantalaimon.

  48. # Make sure to setup the bot as if you are not using pantalaimon for this.

  49. #

  50. # Warning: At this time this is not considered production safe.

  51. experimentalRustCrypto: {{ matrix_bot_draupnir_config_experimentalRustCrypto | to_json }}

  52. 

  53. # The path Draupnir will store its state/data in, leave default ("/data/storage") when using containers.

  54. dataPath: "/data"

  55. 

  56. # If true (the default), Draupnir will only accept invites from users present in managementRoom.

  57. autojoinOnlyIfManager: true

  58. 

  59. # If `autojoinOnlyIfManager` is false, only the members in this space can invite

  60. # the bot to new rooms.

  61. #acceptInvitesFromSpace: "!qporfwt:example.com"

  62. 

  63. # Whether Draupnir should report ignored invites to the management room (if autojoinOnlyIfManager is true).

  64. recordIgnoredInvites: false

  65. 

  66. {% if not matrix_bot_draupnir_zero_touch_deploy %}

  67. # The room ID (or room alias) of the management room, anyone in this room can issue commands to Draupnir.

  68. #

  69. # Draupnir has no more granular access controls other than this, be sure you trust everyone in this room - secure it!

  70. #

  71. # This should be a room alias or room ID - not a matrix.to URL.

  72. #

  73. # Note: By default, Draupnir is fairly verbose - expect a lot of messages in this room.

  74. # (see verboseLogging to adjust this a bit.)

  75. managementRoom: {{ matrix_bot_draupnir_config_managementRoom | to_json }}

  76. {% endif %}

  77. 

  78. {% if matrix_bot_draupnir_zero_touch_deploy %}

  79. # The initial manager to invite if the management room has to be created.

  80. # Leave this commented out when using a pre-existing management room.

  81. initialManager: {{ matrix_bot_draupnir_config_initialManager | to_json }}

  82. {% endif %}

  83. 

  84. # The log level of terminal (or container) output,

  85. # can be one of DEBUG, INFO, WARN and ERROR, in increasing order of importance and severity.

  86. #

  87. # This should be at INFO or DEBUG in order to get support for Draupnir problems.

  88. logLevel: "INFO"

  89. 

  90. # Whether or not Draupnir should check moderation permissions in all protected rooms on startup.

  91. # Equivalent to running `!draupnir verify`.

  92. verifyPermissionsOnStartup: true

  93. 

  94. # Whether or not Draupnir should actually apply bans and policy lists,

  95. # turn on to trial some untrusted configuration or lists.

  96. noop: false

  97. 

  98. # Whether or not Draupnir should apply `m.room.server_acl` events.

  99. # DO NOT change this to `true` unless you are very confident that you know what you are doing.

  100. disableServerACL: {{ matrix_bot_draupnir_config_disableServerACL | to_json }}

  101. 

  102. # A case-insensitive list of ban reasons to have the bot also automatically redact the user's messages for.

  103. #

  104. # If the bot sees you ban a user with a reason that is an (exact case-insensitive) match to this list,

  105. # it will also remove the user's messages automatically.

  106. #

  107. # Typically this is useful to avoid having to give two commands to the bot.

  108. # Advanced: Use asterisks to have the reason match using "globs"

  109. # (f.e. "spam*testing" would match "spam for testing" as well as "spamtesting").

  110. #

  111. # See here for more info: https://www.digitalocean.com/community/tools/glob

  112. # Note: Keep in mind that glob is NOT regex!

  113. automaticallyRedactForReasons:

  114.   - "spam"

  115.   - "advertising"

  116. 

  117. # Whether or not to add all joined rooms to the "protected rooms" list

  118. # (excluding the management room and watched policy list rooms, see below).

  119. #

  120. # Note that this effectively makes the protectedRooms and associated commands useless

  121. # for regular rooms.

  122. #

  123. # Note: the management room is *excluded* from this condition.

  124. # Explicitly add it as a protected room to protect it.

  125. #

  126. # Note: Ban list rooms the bot is watching but didn't create will not be protected.

  127. # Explicitly add these rooms as a protected room list if you want them protected.

  128. protectAllJoinedRooms: false

  129. 

  130. # Increase this delay to have Draupnir wait longer between two consecutive backgrounded

  131. # operations. The total duration of operations will be longer, but the homeserver won't

  132. # be affected as much. Conversely, decrease this delay to have Draupnir chain operations

  133. # faster. The total duration of operations will generally be shorter, but the performance

  134. # of the homeserver may be more impacted.

  135. backgroundDelayMS: 500

  136. 

  137. # Server administrative features. These will only work if Draupnir is

  138. # a global server administrator, and the bot's server is a Synapse instance.

  139. # Please review https://the-draupnir-project.github.io/draupnir-documentation/bot/homeserver-administration

  140. admin:

  141.   # Whether to enable the make admin command.

  142.   # This command allows Draupnir can temporarily take control of any eligible account

  143.   # from the local homeserver in the target room (with enough permissions) to "make" another user an admin.

  144.   #

  145.   # This only works if a local user with enough admin permissions is present in the room.

  146.   enableMakeRoomAdminCommand: {{ matrix_bot_draupnir_config_admin_enableMakeRoomAdminCommand | to_json }}

  147. 

  148. # Misc options for command handling and commands

  149. commands:

  150.   # Whether or not the `!draupnir` prefix is necessary to submit commands.

  151.   #

  152.   # If `true`, will allow commands like `!ban`, `!help`, etc.

  153.   #

  154.   # Note: Draupnir can also be pinged by display name instead of having to use

  155.   # the !draupnir prefix. For example, "my_moderator_bot: ban @spammer:example.org"

  156.   # will address only my_moderator_bot.

  157.   allowNoPrefix: false

  158. 

  159.   # Controls which symbol will prefix a secondary prefix that is described in additionalPrefixes.

  160.   # For example the `!` in `!draupnir`.

  161.   # If you wish the bot to use "slash commands" with the "/" character instead of the exclamation mark "!" change the value to `"/"` and the bot will start responding to slash commands.

  162. 

  163.   symbolPrefixes:

  164.     - "!"

  165. 

  166.   # Any additional bot prefixes that Draupnir will listen to. i.e. adding `mod` will allow `!mod help`.

  167.   additionalPrefixes:

  168.     - "draupnir-bot"

  169.     - "draupnir_bot"

  170.     - "draupnir"

  171. 

  172.   # The default reasons to be prompted with if the reason is missing from a ban command.

  173.   ban:

  174.     defaultReasons:

  175.       - "spam"

  176.       - "brigading"

  177.       - "harassment"

  178.       - "disagreement"

  179. 

  180. # Configuration specific to certain toggle-able protections

  181. #protections:

  182. #  # Configuration for the wordlist plugin, which can ban users based if they say certain

  183. #  # blocked words shortly after joining.

  184. #  wordlist:

  185. #    # A list of case-insensitive keywords that the WordList protection will watch for from new users.

  186. #    #

  187. #    # WordList will ban users who use these words when first joining a room, so take caution when selecting them.

  188. #    #

  189. #    # The word list protection does not support regular expressions at this time.

  190. #    # The configuration in the past stated support for Regex erroneously.

  191. #    #

  192. #    words:

  193. #      - "LoReM"

  194. #      - "IpSuM"

  195. #      - "DoLoR"

  196. #      - "aMeT"

  197. #

  198. #    # For how long (in minutes) the user is "new" to the WordList plugin.

  199. #    #

  200. #    # After this time, the user will no longer be banned for using a word in the above wordlist.

  201. #    #

  202. #    # Set to zero to disable the timeout and make users *always* appear "new".

  203. #    # (users will always be banned if they say a bad word)

  204. #    minutesBeforeTrusting: 20

  205. 

  206. # The room state backing store writes a copy of the room state for all protected

  207. # rooms to the data directory.

  208. # It is recommended to enable this option unless you deploy Draupnir close to the

  209. # homeserver and know that Draupnir is starting up quickly. If your homeserver can

  210. # respond quickly to Draupnir's requests for `/state` then you might not need this option.

  211. roomStateBackingStore:

  212.   enabled: {{ matrix_bot_draupnir_config_roomStateBackingStore_enabled | to_json }}

  213. 

  214. # Safe mode provides recovery options for some failure modes when Draupnir

  215. # fails to start. For example, if the bot fails to resolve a room alias in

  216. # a watched list, or if the server has parted from a protected room and can't

  217. # find a way back in. Safe mode will provide different options to recover from

  218. # these. Such as unprotecting the room or unwatching the policy list.

  219. # By default Draupnir will boot into safe mode only when the failure mode

  220. # is recoverable.

  221. # It may be desirable to prevent the bot from starting into safe mode if you have

  222. # a pager system when Draupnir is down, as Draupnir could prevent your monitoring

  223. # system from identifying a failure to start.

  224. #safeMode:

  225. #  # The option for entering safe mode when Draupnir fails to start up.

  226. #  # - "RecoveryOnly" will only start the bot in safe mode when there are recovery options available. This is the default.

  227. #  # - "Never" will never start the bot in safe mode when Draupnir fails to start normally.

  228. #  # - "Always" will always start the bot in safe mode when Draupnir fails to start normally.

  229. #  bootOption: RecoveryOnly

  230. 

  231. # Options for advanced monitoring of the health of the bot.

  232. health:

  233.   # healthz options. These options are best for use in container environments

  234.   # like Kubernetes to detect how healthy the service is. The bot will report

  235.   # that it is unhealthy until it is able to process user requests. Typically

  236.   # this means that it'll flag itself as unhealthy for a number of minutes

  237.   # before saying "Now monitoring rooms" and flagging itself healthy.

  238.   #

  239.   # Health is flagged through HTTP status codes, defined below.

  240.   healthz:

  241.     # Whether the healthz integration should be enabled (default false)

  242.     enabled: false

  243. 

  244.     # The port to expose the webserver on. Defaults to 8080.

  245.     port: 8080

  246. 

  247.     # The address to listen for requests on. Defaults to all addresses.

  248.     address: "0.0.0.0"

  249. 

  250.     # The path to expose the monitoring endpoint at. Defaults to `/healthz`

  251.     endpoint: "/healthz"

  252. 

  253.     # The HTTP status code which reports that the bot is healthy/ready to

  254.     # process requests. Typically this should not be changed. Defaults to

  255.     # 200.

  256.     healthyStatus: 200

  257. 

  258.     # The HTTP status code which reports that the bot is not healthy/ready.

  259.     # Defaults to 418.

  260.     unhealthyStatus: 418

  261. 

  262.   # Sentry options. Sentry is a tool used to receive/collate/triage runtime

  263.   # errors and performance issues. Skip this section if you do not wish to use

  264.   # Sentry.

  265.   sentry:

  266.     # The key used to upload Sentry data to the server.

  267.     # dsn: "https://XXXXXXXXX@example.com/YYY

  268. 

  269.     # Frequency of performance monitoring.

  270.     # A number in [0.0, 1.0], where 0.0 means "don't bother with tracing"

  271.     # and 1.0 means "trace performance at every opportunity".

  272.     # tracesSampleRate: 0.5

  273. 

  274. {% if matrix_bot_draupnir_config_web_enabled %}

  275. # Options for exposing web APIs.

  276. web:

  277.   # Whether to enable web APIs.

  278.   enabled: true

  279. 

  280.   # The port to expose the webserver on. Defaults to 8080.

  281.   port: {{ matrix_bot_draupnir_config_web_port | to_json }}

  282. 

  283.   # The address to listen for requests on. Defaults to only the current

  284.   # computer.

  285.   address: "0.0.0.0"

  286. 

  287.   # Alternative setting to open to the entire web. Be careful,

  288.   # as this will increase your security perimeter:

  289.   #

  290.   #  address: "0.0.0.0"

  291. 

  292.   # A web API designed to intercept Matrix API

  293.   # POST /_matrix/client/r0/rooms/{roomId}/report/{eventId}

  294.   # and display readable abuse reports in the moderation room.

  295.   #

  296.   # If you wish to take advantage of this feature, you will need

  297.   # to configure a reverse proxy, see e.g. test/nginx.conf

  298.   abuseReporting:

  299.     # Whether to enable this feature.

  300.     enabled: {{ matrix_bot_draupnir_config_web_abuseReporting | to_json }}

  301.   # Whether to setup a endpoints for synapse-http-antispam

  302.   # https://github.com/maunium/synapse-http-antispam

  303.   # this is required for some features of Draupnir,

  304.   # such as support for room takedown policies.

  305.   #

  306.   # Please FOLLOW the instructions here:

  307.   # https://the-draupnir-project.github.io/draupnir-documentation/bot/synapse-http-antispam

  308.   synapseHTTPAntispam:

  309.     enabled: {{ matrix_bot_draupnir_config_web_synapseHTTPAntispam_enabled | to_json }}

  310.     # This is a secret that you must place into your synapse module config

  311.     # https://github.com/maunium/synapse-http-antispam?tab=readme-ov-file#configuration

  312.     authorization: {{ matrix_bot_draupnir_config_web_synapseHTTPAntispam_authorization | to_json }}

  313. {% endif %}

  314. 

  315. # Whether or not to actively poll synapse for abuse reports, to be used

  316. # instead of intercepting client calls to synapse's abuse endpoint, when that

  317. # isn't possible/practical.

  318. pollReports: false

  319. 

  320. # Whether or not new reports, received either by webapi or polling,

  321. # should be printed to our managementRoom.

  322. displayReports: {{ matrix_bot_draupnir_config_displayReports | to_json }}