matrix-docker-ansible-deploy/roles/custom/matrix-bot-draupnir/templates/production.yaml.j2

# Endpoint URL that Draupnir uses to interact with the matrix homeserver (client-server API),
# set this to the pantalaimon URL if you're using that.
homeserverUrl: {{ matrix_bot_draupnir_homeserver_url | to_json }}

# Endpoint URL that Draupnir could use to fetch events related to reports (client-server API and /_synapse/),
# only set this to the public-internet homeserver client API URL, do NOT set this to the pantalaimon URL.
rawHomeserverUrl: {{ matrix_bot_draupnir_raw_homeserver_url | to_json }}

# Matrix Access Token to use, Draupnir will only use this if pantalaimon.use is false.
accessToken: {{ matrix_bot_draupnir_access_token | to_json }}

{% if matrix_bot_draupnir_pantalaimon_use %}
# Options related to Pantalaimon (https://github.com/matrix-org/pantalaimon)
pantalaimon:
  # Whether or not Draupnir will use pantalaimon to access the matrix homeserver,
  # set to `true` if you're using pantalaimon.
  #
  # Be sure to point homeserverUrl to the pantalaimon instance.
  #
  # Draupnir will log in using the given username and password once,
  # then store the resulting access token in a file under dataPath.
  use: true

  # The username to login with.
  username: {{ matrix_bot_draupnir_pantalaimon_username | to_json }}

  # The password Draupnir will login with.
  #
  # After successfully logging in once, this will be ignored, so this value can be blanked after first startup.
  password: {{ matrix_bot_draupnir_pantalaimon_password | to_json }}
{% endif %}

# The path Draupnir will store its state/data in, leave default ("/data/storage") when using containers.
dataPath: "/data"

# If true (the default), Draupnir will only accept invites from users present in managementRoom.
autojoinOnlyIfManager: true

# If `autojoinOnlyIfManager` is false, only the members in this space can invite
# the bot to new rooms.
#acceptInvitesFromSpace: "!example:example.org"

# Whether Draupnir should report ignored invites to the management room (if autojoinOnlyIfManager is true).
recordIgnoredInvites: false

# The room ID (or room alias) of the management room, anyone in this room can issue commands to Draupnir.
#
# Draupnir has no more granular access controls other than this, be sure you trust everyone in this room - secure it!
#
# This should be a room alias or room ID - not a matrix.to URL.
#
# Note: By default, Draupnir is fairly verbose - expect a lot of messages in this room.
# (see verboseLogging to adjust this a bit.)
managementRoom: {{ matrix_bot_draupnir_management_room | to_json }}

# Deprecated and will be removed in a future version.
# Running with verboseLogging is unsupported.
# Whether Draupnir should log a lot more messages in the room,
# mainly involves "all-OK" messages, and debugging messages for when draupnir checks bans in a room.
#verboseLogging: false

# The log level of terminal (or container) output,
# can be one of DEBUG, INFO, WARN and ERROR, in increasing order of importance and severity.
#
# This should be at INFO or DEBUG in order to get support for Draupnir problems.
logLevel: "INFO"

# Whether or not Draupnir should synchronize policy lists immediately after startup.
# Equivalent to running '!draupnir sync'.
syncOnStartup: true

# Whether or not Draupnir should check moderation permissions in all protected rooms on startup.
# Equivalent to running `!draupnir verify`.
verifyPermissionsOnStartup: true

# Whether or not Draupnir should actually apply bans and policy lists,
# turn on to trial some untrusted configuration or lists.
noop: false

# Whether or not Draupnir should apply `m.room.server_acl` events.
# DO NOT change this to `true` unless you are very confident that you know what you are doing.
disableServerACL: {{ matrix_bot_draupnir_disable_server_acl | to_json }}

# Whether Draupnir should check member lists quicker (by using a different endpoint),
# keep in mind that enabling this will miss invited (but not joined) users.
#
# Turn on if your bot is in (very) large rooms, or in large amounts of rooms.
fasterMembershipChecks: false

# A case-insensitive list of ban reasons to have the bot also automatically redact the user's messages for.
#
# If the bot sees you ban a user with a reason that is an (exact case-insensitive) match to this list,
# it will also remove the user's messages automatically.
#
# Typically this is useful to avoid having to give two commands to the bot.
# Advanced: Use asterisks to have the reason match using "globs"
# (f.e. "spam*testing" would match "spam for testing" as well as "spamtesting").
#
# See here for more info: https://www.digitalocean.com/community/tools/glob
# Note: Keep in mind that glob is NOT regex!
automaticallyRedactForReasons:
  - "spam"
  - "advertising"

# A list of rooms to protect. Draupnir will add this to the list it knows from its account data.
#
# It won't, however, add it to the account data.
# Manually add the room via '!draupnir rooms add' to have it stay protected regardless if this config value changes.
#
# Note: These must be matrix.to URLs
#protectedRooms:
#  - "https://matrix.to/#/#yourroom:example.org"

# Whether or not to add all joined rooms to the "protected rooms" list
# (excluding the management room and watched policy list rooms, see below).
#
# Note that this effectively makes the protectedRooms and associated commands useless
# for regular rooms.
#
# Note: the management room is *excluded* from this condition.
# Explicitly add it as a protected room to protect it.
#
# Note: Ban list rooms the bot is watching but didn't create will not be protected.
# Explicitly add these rooms as a protected room list if you want them protected.
protectAllJoinedRooms: false

# Increase this delay to have Draupnir wait longer between two consecutive backgrounded
# operations. The total duration of operations will be longer, but the homeserver won't
# be affected as much. Conversely, decrease this delay to have Draupnir chain operations
# faster. The total duration of operations will generally be shorter, but the performance
# of the homeserver may be more impacted.
backgroundDelayMS: 500

# Server administration commands, these commands will only work if Draupnir is
# a global server administrator, and the bot's server is a Synapse instance.
admin:
  # Whether or not Draupnir can temporarily take control of any eligible account from the local homeserver who's in the room
  # (with enough permissions) to "make" a user an admin.
  #
  # This only works if a local user with enough admin permissions is present in the room.
  enableMakeRoomAdminCommand: false

# Misc options for command handling and commands
commands:
  # Whether or not the `!draupnir` prefix is necessary to submit commands.
  #
  # If `true`, will allow commands like `!ban`, `!help`, etc.
  #
  # Note: Draupnir can also be pinged by display name instead of having to use
  # the !draupnir prefix. For example, "my_moderator_bot: ban @spammer:example.org"
  # will address only my_moderator_bot.
  allowNoPrefix: false

  # Any additional bot prefixes that Draupnir will listen to. i.e. adding `mod` will allow `!mod help`.
  additionalPrefixes:
    - "draupnir-bot"
    - "draupnir_bot"
    - "draupnir"

  # Whether or not commands with a wildcard (*) will require an additional `--force` argument
  # in the command to be able to be submitted.
  confirmWildcardBan: true

  # The default reasons to be prompted with if the reason is missing from a ban command.
  ban:
    defaultReasons:
      - "spam"
      - "brigading"
      - "harassment"
      - "disagreement"

# Configuration specific to certain toggle-able protections
#protections:
#  # Configuration for the wordlist plugin, which can ban users based if they say certain
#  # blocked words shortly after joining.
#  wordlist:
#    # A list of case-insensitive keywords that the WordList protection will watch for from new users.
#    #
#    # WordList will ban users who use these words when first joining a room, so take caution when selecting them.
#    #
#    # For advanced usage, regex can also be used, see the following links for more information;
#    #  - https://www.digitalocean.com/community/tutorials/an-introduction-to-regular-expressions
#    #  - https://regexr.com/
#    #  - https://regexone.com/
#    words:
#      - "LoReM"
#      - "IpSuM"
#      - "DoLoR"
#      - "aMeT"
#
#    # For how long (in minutes) the user is "new" to the WordList plugin.
#    #
#    # After this time, the user will no longer be banned for using a word in the above wordlist.
#    #
#    # Set to zero to disable the timeout and make users *always* appear "new".
#    # (users will always be banned if they say a bad word)
#    minutesBeforeTrusting: 20

# Options for advanced monitoring of the health of the bot.
health:
  # healthz options. These options are best for use in container environments
  # like Kubernetes to detect how healthy the service is. The bot will report
  # that it is unhealthy until it is able to process user requests. Typically
  # this means that it'll flag itself as unhealthy for a number of minutes
  # before saying "Now monitoring rooms" and flagging itself healthy.
  #
  # Health is flagged through HTTP status codes, defined below.
  healthz:
    # Whether the healthz integration should be enabled (default false)
    enabled: false

    # The port to expose the webserver on. Defaults to 8080.
    port: 8080

    # The address to listen for requests on. Defaults to all addresses.
    address: "0.0.0.0"

    # The path to expose the monitoring endpoint at. Defaults to `/healthz`
    endpoint: "/healthz"

    # The HTTP status code which reports that the bot is healthy/ready to
    # process requests. Typically this should not be changed. Defaults to
    # 200.
    healthyStatus: 200

    # The HTTP status code which reports that the bot is not healthy/ready.
    # Defaults to 418.
    unhealthyStatus: 418

# Options for exposing web APIs.
#web:
#  # Whether to enable web APIs.
#  enabled: false
#
#  # The port to expose the webserver on. Defaults to 8080.
#  port: 8080
#
#  # The address to listen for requests on. Defaults to only the current
#  # computer.
#  address: localhost
#
#  # Alternative setting to open to the entire web. Be careful,
#  # as this will increase your security perimeter:
#  #
#  #  address: "0.0.0.0"
#
#  # A web API designed to intercept Matrix API
#  # POST /_matrix/client/r0/rooms/{roomId}/report/{eventId}
#  # and display readable abuse reports in the moderation room.
#  #
#  # If you wish to take advantage of this feature, you will need
#  # to configure a reverse proxy, see e.g. test/nginx.conf
#  abuseReporting:
#    # Whether to enable this feature.
#    enabled: false

# Whether or not to actively poll synapse for abuse reports, to be used
# instead of intercepting client calls to synapse's abuse endpoint, when that
# isn't possible/practical.
pollReports: false

# Whether or not new reports, received either by webapi or polling,
# should be printed to our managementRoom.
displayReports: false